Expired signature keys

Nick Lamb njl98r@ecs.soton.ac.uk
Wed, 6 Sep 2000 00:12:12 +0100 

--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Some time ago a friend created a GnuPG key and unknown to me they decided
to set an expiry time on their _primary_ signature key in the very near
future. They used this key to sign numerous keys, including mine and now
whenever GnuPG processes such sigs, for almost any reason it says:

gpg: NOTE: signature key expired Sat 13 May 2000 04:06:17 PM BST

This is very confusing because it doesn't say WHICH key has expired, it
seems to expect that the context makes this clear -- but of course when
GnuPG is silently processing away, and happens to examine this key for
some reason, it ISN'T obvious why this message has been printed, as a
result I spent some time carefully examining my private key (doh!)

Here's an example of a case where the output is most confusing, from
mutt while processing a signed message:

[-- PGP output follows (current time: Wed Sep  6 00:02:35 2000) --]
gpg: Signature made Tue 05 Sep 2000 20:19:19 BST using DSA key ID 741BE7D8
gpg: Good signature from "Nicholas Lamb <njl195@zepler.org.uk>"
gpg: NOTE: signature key expired Sat 13 May 2000 16:06:17 BST
[-- End of PGP output --]

You can see a reasonable person might think that it's the "Nicholas Lamb"
key which has expired, but it isn't, so I think GnuPG 1.0.3 should either:

1. Explicitly say in the NOTE which key has expired (but this might get
very noisy for people with large keyrings)

2. Shut up about expired keys -- just ignore them unless that would cause
an error, obviously ERRORS due to expired keys are worth reporting.

Can someone who has proprietary software check what PGP does these days?

Nick.

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5tX3MJL0BVnQb59gRAvP7AJ9KvqPwu0WykKRzH7+boACGHz2sjwCfXn1T
/Da8A3c46C2P/UL4Xaa6xls=
=lR8U
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--