Am I confused, or does this same problem apply to the key on CERT advisory
CA-2001-21?


*** PGP Signature Status: good
*** Signer: CERT Coordination Center <[EMAIL PROTECTED]> (Invalid)
*** Signed: 7/24/2001 8:43:46 PM
*** Verified: 7/26/2001 12:54:13 PM

One of the keys used to sign the key used for this advisory was key ID
0x6A9591D0, also for "[EMAIL PROTECTED]", which expired 9/30/2000.

Ben Dehner
Valmont Industries

-----Original Message-----
From: Paul Murphy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 26, 2001 4:15 AM
To: [EMAIL PROTECTED]
Subject: Re: Microsoft Security Bulletin MS01-040



As per MS01-038, this bulletin is signed with a PGP key which does not match
the sender, and so does not verify.  The key is for "[EMAIL PROTECTED]",
while the sender is "[EMAIL PROTECTED]", and as a result PGP reports:

*** PGP Signature Status: good
*** Signer: Microsoft Security Response Center <[EMAIL PROTECTED]> (Invalid)
*** Signed: 26/07/2001 02:08:04
*** Verified: 26/07/2001 09:58:00

The reason why the signer is invalid is that their key is signed by an
unknown signer (Key ID 0x63303caf). This turns out to be for
"[EMAIL PROTECTED]", and expired on 2/1/01.  Is it too much to ask that
they have their key signed by Verisign or some other well-known and trusted
source, and that the keys in use are within their valid period?
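
The distinction both messages run into (signature status "good", signer "Invalid") can be checked mechanically. The following is an added example, not part of the original thread: a Python check over GnuPG `--status-fd` output that keeps the cryptographic result separate from the validity of the signer's key. It assumes GnuPG rather than the PGP client quoted above, and the sample status lines, key ID and address are constructed.

```python
# Added example (not from the thread). Sample lines are constructed.
SIG_STATE = {                      # GnuPG status keyword -> signature state
    "GOODSIG": "good",
    "EXPKEYSIG": "good, signing key expired",
    "REVKEYSIG": "good, signing key revoked",
    "EXPSIG": "good, signature expired",
    "BADSIG": "bad",
    "ERRSIG": "unverifiable",
}
# Policy assumption: only full or ultimate validity counts as a valid signer.
VALID_TRUST = {"TRUST_FULLY", "TRUST_ULTIMATE"}
ALL_TRUST = VALID_TRUST | {"TRUST_UNDEFINED", "TRUST_NEVER", "TRUST_MARGINAL"}

def classify(status_output):
    """Return (signature_state, signer_valid, signer) for one signature."""
    state, trust, signer = "none", None, None
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split(" ", 3)
        keyword = fields[1]
        if keyword in SIG_STATE:
            state = SIG_STATE[keyword]
            # ERRSIG carries no user ID; the others are "<keyid> <user id>".
            if keyword != "ERRSIG" and len(fields) > 3:
                signer = fields[3]
        elif keyword in ALL_TRUST:
            trust = keyword
    return state, trust in VALID_TRUST, signer

def accept(status_output):
    """Accept only a good signature from a key whose validity is established."""
    state, signer_valid, _ = classify(status_output)
    return state == "good" and signer_valid

UNTRUSTED = """[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000000000000001 Example Response Center <security@example.org>
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
TRUSTED = UNTRUSTED.replace("TRUST_UNDEFINED", "TRUST_FULLY")
EXPIRED_KEY = UNTRUSTED.replace("GOODSIG", "EXPKEYSIG")

if __name__ == "__main__":
    for name, sample in [("untrusted", UNTRUSTED), ("trusted", TRUSTED),
                         ("expired key", EXPIRED_KEY)]:
        print(name, classify(sample), "accept" if accept(sample) else "reject")
```

The `UNTRUSTED` sample corresponds to the situation in the thread: the signature checks out, but the signing key has no established validity, so the message is rejected.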
