On Nov 30, 2008, at 2:19 PM, Myckel Habets wrote:
Hello list,
Last week I had contact with someone who said that my public key was
"bad" according his validation program. I've mailed with many people
before while using this key, but he was the first to tell me that.
When
I checked with a friend he said that the key was valid for him.
The key was created in 2005 and at creation time I added an expiration
date of the same day 2 years later. However within some time I thought
this was not really needed, so I removed that expiration date (gpg let
me do that, so I thought it was ok) and kept using that key without
any
problems.
Currently my key looks like this:
pub 1024D/9A3D206F created: 2005-12-10 expires: never
usage: SC
trust: ultimate validity: ultimate
sub 2048g/D5904978 created: 2005-12-10 expires: never
usage: E
[ultimate] (1). Myckel Habets (E-mail key) <[EMAIL PROTECTED]>
The person who said to me that the key validates as bad uses the
PGPkeys
program from the PGP corporation software (version 6.58, last version
that was released when Phil Zimmerman worked there, he doesn't trust
later versions) to do the validation.
To sum this up I have two questions:
1) What is causing this problem? Is my key really bad or is this an
incompatibility between PGPkeys version 6.58 and GPG?
Incompatibility. PGP 6.5.8 is too old for use in the modern age.
Yes, you can more or less make things work properly by persuading
everyone you communicate with to downgrade their clients, but even so
6.5.8 will occasionally pull the rug out from under you. This is one
of those times.
2) Do I need to create new keys and revoke this key?
No. You need to tell your friend to upgrade. 6.5.8 predates OpenPGP,
and will thus have problems interoperating with most of the modern
clients (including PGP).
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
