-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Joseph Oreste Bruni wrote:
> This is interesting: After changing my encryption subkey's expiration > by a few days (from 2008-02-07 to 2008-01-01), I tried to upload the > updated key to the PGP Global Directory (http://keyserver.pgp.com). > It complained that my key had expired, but it hasn't. Submitting the > key to the SKS key servers (hkp://pool.sks-keyservers.net) didn't > have a problem. My key ID is CD5518C7 if you want to look at it. I think PGP Global Directory is complaining that the pub key your sub key is attached to is expired. If it is working by allowing people to encrypt to you, maybe these are those new changes WK said have been made. Here is the key I got from PGP Global Directory for your KEYID after I imported it: pub 2048R/CD5518C7 2005-02-17 uid Joseph Oreste Bruni <jbruni_FRAT_mac_com> uid Joseph Oreste Bruni <brunij_GNAT_earthlink_net> uid Joseph Oreste Bruni <joe.bruni_ATBAT_bestwestern_com> uid Joseph Oreste Bruni <brunij_NOSPACE_bestwestern_com> uid [jpeg image of size 1173] sub 2048R/EEA4EC97 2007-01-31 [expires: 2008-01-31] Well, the email addresses were changed by moe, but you get the idea. Your pub key IS expired! Assuming you still have the same email address you used when you gave them (PGP) the key, you can just have them remove your key with the following page: http://keyserver.pgp.com/vkd/GetRemoveKeyScreen.event PGP Global Directory doesn't work like the other key servers by giving you the ability to delete your keys (breaks WOT, but ...). Having just said the foregoing, here is how your key came down from pgp.mit.edu (HKP): pub 2048R/CD5518C7 2005-02-17 uid Joseph Oreste Bruni <jbruni_FRAT_mac_com> uid Joseph Oreste Bruni <brunij_GNAT_earthlink_net> uid Joseph Oreste Bruni <joe.bruni_ATBAT_bestwestern_com> uid Joseph Oreste Bruni <brunij_NOSPACE_bestwestern_com> uid [jpeg image of size 1173] Hmm, where is the sub key? And here is how it comes down from the Penguin (X-HKP) in Germany: pub 2048R/CD5518C7 2005-02-17 uid Joseph Oreste Bruni <jbruni_FRAT_mac_com> uid Joseph Oreste Bruni <brunij_GNAT_earthlink_net> uid Joseph Oreste Bruni <joe.bruni_ATBAT_bestwestern_com> uid Joseph Oreste Bruni <brunij_NOSPACE_bestwestern_com> uid [jpeg image of size 1173] sub 2048R/EEA4EC97 2007-01-31 [expires: 2008-01-01] Please do the following as a test for me with the key you have now (a # indicates a comment): $ gpg --edit-key CD5518C7 Command> expire # change the expire date of your pub key to match your # sub key or at least so it is NOT expired $ gpg --keyserver hkp://pgp.mit.edu --send-keys CD5518C7 $ gpg --keyserver x-hkp://random.sks.keyserver.penguin.de \ --send-keys CD5518C7 If desired, after you have deleted your key from the PGP Global Directory, you can also submit it to them again. Let me know if you do any of this and I will do the tests again. Next time I will be FAR shorter in my reply (will just show any changes from what I have here depending on what you have done). You will have to ask the others if having a pub key that is expired on the key servers is a good idea or even if it is possible - I don't think it is possible but don't know for sure. I was able to sign your key but have NO idea what that means. What good does it do to sign an expired key? My OPINION is to either say goodbye to the pub key and all the sub-keys, or keep them ALL freshened up on their expire date so people know that the key is still good. I normally interpret a pub key that is expired as having an implicit meaning that it is no longer used and the person has replaced that key with a newer key. So if I intend to keep using a key, I change the expire dates for the pub key and all sub-keys at least one month before any of them expire for the desired period I want to keep them - lots of options to consider, like revoking your present sub-key and adding a new sub-key, when the expire date for each key is, etc. Then I upload my pub key to at least two keyservers again if if was on the keyservers. No reply from you means you don't want me to do the tests and didn't make any changes. If you do the changes, let me know when you have done it with a Bcc: to me. I only read the Digest. Sometimes it goes days before I get a new bundle of messages. Sometimes I don't seem to get them at all, but maybe they fell through the cracks. HHH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGZ2YYr3QZv1upb6wRCjMSAJ9A/qWNgeQofviDpKpEAat0pMZWLwCgst9+ 0U8xKtWRX2r/1Ch+FhAjFho= =9OYY -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
