On 14/03/18 15:50, likcoras wrote: > On 03/14/2018 11:39 AM, Richard Hector wrote: >> And if I search for my key here: >> >> https://pgp.surfnet.nl/pks/lookup?op=vindex&fingerprint=on&search=0xb4a2f08fec70168d >> >> ... I can see that there is a self-sig with the expiry date Daniel >> mentioned, but also one for the one I'm seeing. > > You can change the expiry date of your own key, but for other people to > be able to see it and avoid having your key show up as expired, you must > publish the new (key? signature? not sure...) and others must fetch it > before the expiry date hits. > > I think what happened is that you edited the expiration date of your key > and published it, but the other person didn't get the updated version > before their copy of your key expired. >
Ah, that sounds plausible. I think I actually edited it after it had expired, so very likely, if that causes a problem. I have a newer one as well (4096 instead of 2048 bit) - though apparently with no signatures on it yet. Not sure if that will suffer the same problem? I can't remember if that one also expired and was posthumously edited ... If it hasn't actually been used much, will that mean nobody's got it 'cached'? Maybe I should just start from scratch :-( Secure distribution and collecting signatures always seems to be the problem. Thanks, Richard
signature.asc
Description: OpenPGP digital signature