Invalid subkey binding

David Shaw dshaw@jabberwocky.com
Sun May 4 22:32:02 2003


--kbCYTQG2MZjuOjyn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 04, 2003 at 01:03:23PM -0400, Dennis Lambe Jr. wrote:
> On Sat, 2003-05-03 at 19:04, Jason Harris wrote:
> > Check the verbose (default) listing on keyserver.kjsl.com and see that
> > a "[keybind, hash: type 2, 6e 50]" signature is present on both subkeys,
> > making it likely to be a duplicate (that is invalid when paired with
> > the wrong subkey).
>=20
> On Sat, 2003-05-03 at 20:53, David Shaw wrote:
> > Probably someone sent an update to your key to one of the other
> > keyservers, which garbled it a bit, and re-synched that back to
> > keyserver.bu.edu.  Basically, one of your subkeys has two signatures
> > on it, only one of which is valid.
> >=20
> > So long as you have both your subkeys (and you do), it's a harmless
> > warning, and can safely be ignored.
>=20
> Thanks for the info, guys.  This mailing list is incredibly friendly and
> useful.
>=20
> I'm glad this isn't going to be a problem.  I don't suppose there's a
> way to get that erroneous subkey signature to go away?  some kind of
> magical revocation certificate that makes the world forget it even
> existed?

No.  Since it is an error, there is nothing in the protocol to
invalidate it.  It is inherently invalid.

Note that GnuPG does remove the invalid signature.  The keyserver is
what keeps trying to put it back, causing the warning message.  This
is proper behavior as GnuPG can check the signature and see that it is
invalid.  The keyserver cannot check, and so does not risk removing a
signature that might be valid.

David

--kbCYTQG2MZjuOjyn
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.2-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+tXjt4mZch0nhy8kRAqQFAKDROAneLh59WpyiOZgkHsbRuD5tiQCfVAtI
FtFqRM8kgxlRX6AMA4I3i00=
=XtAn
-----END PGP SIGNATURE-----

--kbCYTQG2MZjuOjyn--