On 3/14/2018 4:20 AM, Richard Hector wrote:
On 14/03/18 15:50, likcoras wrote:
On 03/14/2018 11:39 AM, Richard Hector wrote:
And if I search for my key here:
https://pgp.surfnet.nl/pks/lookup?op=vindex&fingerprint=on&search=0xb4a2f08fec70168d
... I can see that there is a self-sig with the expiry date Daniel
mentioned, but also one for the one I'm seeing.
You can change the expiry date of your own key, but for other people to
be able to see it and avoid having your key show up as expired, you must
publish the new (key? signature? not sure...) and others must fetch it
before the expiry date hits.
I think what happened is that you edited the expiration date of your key
and published it, but the other person didn't get the updated version
before their copy of your key expired.
Ah, that sounds plausible. I think I actually edited it after it had
expired, so very likely, if that causes a problem. I have a newer one as
well (4096 instead of 2048 bit) - though apparently with no signatures
on it yet. Not sure if that will suffer the same problem? I can't
remember if that one also expired and was posthumously edited ... If it
hasn't actually been used much, will that mean nobody's got it 'cached'?
You should assume that the key is already cached somewhere! :)
Maybe I should just start from scratch :-(
Key transition is the way to go here:
https://www.apache.org/dev/key-transition.html
--
John Doe
