Charly Avital wrote on 19.01.2008 18:26:
> Vlad "SATtva" Miller wrote the following on 1/19/08 6:01 AM:
> [...]
> | Here for example (in the bottom) you may see two subkeys with binding
> | signatures expired at 2007-12-31:
> |
> http://pool.sks-keyservers.net:11371/pks/lookup?search=0x8443620A&op=vindex
> 
> So it is.
> 
> | But if you look at the original copy you'll see that all regenerated
> | sigs are in place:
> | http://www.vladmiller.info/contacts/openpgp.txt
> 
> After importing that keyblock:
[snip]
> [name]$ gpg --edit-key 8443620A
> gpg (GnuPG) 1.4.8; Copyright (C) 2007 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> 
> pub  4096R/8443620A  created: 2006-12-21  expires: never       usage: SC
> ~                     trust: unknown       validity: unknown

.                                           vvvvvvvvvvvvvvvvvvv
> sub  2048R/070E0B73  created: 2006-12-21  expires: 2010-01-01  usage: S
> sub  2048R/7D57ED51  created: 2006-12-21  expires: 2010-01-01  usage: E
.                                           ^^^^^^^^^^^^^^^^^^^

So here's an explicit distinction between what we got from a keyserver
and from the gpg output.

[snip]
> In my system now:
> 
> I have not signed your key

And you should not.

-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to