On Tue, Dec 02, 2008 at 12:38:10PM -0300, Faramir wrote: > David Shaw escribi??: > > On Mon, Dec 01, 2008 at 09:05:24PM +0100, Myckel Habets wrote: > > >> The screenshot he showed (the one where my key validated bad) showed > >> still the old expiration date. Is this somewhere stored in the key > >> itself? (it kept showing up even after he removed my public key and > ... > > It is stored on the key (in one of the self-signatures of the key, to > > be precise). The problem is that pgp 6.5.8 doesn't handle expiration > > properly, so it is not understanding that your key (having two > > expiration dates, the original one and the new one) was un-expired. > > Maybe "cleaning" the public key before sending it would help... or am > I wrong? IIRC, the clean command would remove the old signature, since > it has been superseded by the new one...
It probably would help, yes, since that removes the older selfsig that contains the expiration. It doesn't really solve the problem though - as soon as the 6.5.8 person updates keys, the problem selfsig will come back again. They could keep a copy of GPG around to clean keys for 6.5.8, but then it does raise the question why they don't just use the GPG that is sitting there... This is a perfect example of why 6.5.8 is bad: it more or less can be made to work, but requires special steps to be taken which raises the difficulty level of using PGP. It removes the "it just works" and replaces it with "it sort of works, but you have to ask lots of questions on mailing lists and hit Google regularly". That turns people off from using PGP. One of the great things that I think that the PGP company did in their new system is spend a lot of effort to make it "just work". I like the idea behind GPGrelay (http://sites.inka.de/tesla/gpgrelay.html) for the same reason. I don't use it - it's not targeted at me - but the idea is a nice one. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
