restoring a key

David Shaw dshaw@jabberwocky.com
Thu Oct 25 20:55:02 2001


On Thu, Oct 25, 2001 at 07:33:11PM +0200, disastry@saiknes.lv wrote:

> David Shaw wrote:
> > > I doubt it is even possible (I have not tested however).
> > > RFC probably allows multiple subkey binding signatures (I'm not sure),
> > > but gpg does not handle 'em well.
> >
> > It is possible, the RFC does allow it,
> ok
>
> > and gpg handles it just fine.
>
> no it does not.
>
> for example get my key from keyserver and import it into gpg - only one
> subkey will be imported, but the key has 2.
> that's because keyserver has somehow copied binding sig from one subkey to other
> and now that subkey has two sigs - one valid, other not.

That's a different problem.  If you extend the expiration date of a
subkey, you create an additional *valid* binding signature.  Thus, you
have two valid binding signatures.  As I said, gpg handles this just
fine.  Remember, I am actively using this feature every day, so you
can believe me when I tell you that it works :)

I just pulled your key from a keyserver and it looks like this:

     pubkey
     userid
     (sigs)
     userid
     (sigs)
     userid
     (sigs)
     public subkey 1
     public subkey 2
     (binding sig for 1)

You have two subkeys and one binding signature, and the binding
signature is attached to the wrong subkey.  Just for the hell of it, I
rearranged the packets so that the binding sig was in the right place
and the key was happy again.  There was no binding signature for
subkey 2.

David

--
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
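
The packet-order check described in the message, as an added example that is not part of the original post or of GnuPG's code: it walks the OpenPGP packet headers (RFC 4880) and reports subkeys that have no subkey binding signature packet after them. The sample packets are constructed placeholders, and the check is structural only: it does not verify any signature.

```python
SIG, PUBKEY, USERID, SUBKEY = 2, 6, 13, 14   # packet tags (RFC 4880, 4.3)
SUBKEY_BINDING = 0x18                        # signature type (RFC 4880, 5.2.1)

def packets(data):
    """Yield (tag, body) for each packet in a binary (unarmored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:                  # one-octet length
                n = first
            elif first < 224:                # two-octet length
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:               # five-octet length
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:                    # length type 3: body runs to the end
                n = len(data) - i
            else:
                n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + n]
        i += n

def unbound_subkeys(data):
    """1-based positions of subkeys not followed by a subkey binding signature."""
    missing, count, pending = [], 0, None
    for tag, body in packets(data):
        if tag == SUBKEY:
            if pending:                      # previous subkey never got a binding sig
                missing.append(pending)
            count = pending = count + 1
        elif tag == SIG and (body[1] if body[0] == 4 else body[2]) == SUBKEY_BINDING:
            pending = None                   # v4 keeps the sig type in octet 1, v3 in octet 2
    return missing + ([pending] if pending else [])

def pkt(tag, body):                          # constructed packet, body < 192 bytes
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample data: placeholder bodies, no real key material or signatures.
HEAD = pkt(PUBKEY, b"\x04key") + (pkt(USERID, b"uid") + pkt(SIG, b"\x04\x13")) * 3
SUB1, SUB2, BIND = pkt(SUBKEY, b"\x04s1"), pkt(SUBKEY, b"\x04s2"), pkt(SIG, b"\x04\x18")
AS_FETCHED = HEAD + SUB1 + SUB2 + BIND       # layout shown in the message
REARRANGED = HEAD + SUB1 + BIND + SUB2       # binding sig moved behind subkey 1
```

`unbound_subkeys(AS_FETCHED)` reports subkey 1 and `unbound_subkeys(REARRANGED)` reports subkey 2, the one the message says had no binding signature.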
