Invalid subkey binding

David Shaw
Sun May 4 22:32:02 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 04, 2003 at 01:03:23PM -0400, Dennis Lambe Jr. wrote:
> On Sat, 2003-05-03 at 19:04, Jason Harris wrote:
> > Check the verbose (default) listing on and see that
> > a "[keybind, hash: type 2, 6e 50]" signature is present on both subkeys,
> > making it likely to be a duplicate (that is invalid when paired with
> > the wrong subkey).
> On Sat, 2003-05-03 at 20:53, David Shaw wrote:
> > Probably someone sent an update to your key to one of the other
> > keyservers, which garbled it a bit, and re-synched that back to
> >  Basically, one of your subkeys has two signatures
> > on it, only one of which is valid.
> >=20
> > So long as you have both your subkeys (and you do), it's a harmless
> > warning, and can safely be ignored.
> Thanks for the info, guys.  This mailing list is incredibly friendly and
> useful.
> I'm glad this isn't going to be a problem.  I don't suppose there's a
> way to get that erroneous subkey signature to go away?  some kind of
> magical revocation certificate that makes the world forget it even
> existed?

No.  Since it is an error, there is nothing in the protocol to
invalidate it.  It is inherently invalid.

Note that GnuPG does remove the invalid signature.  The keyserver is
what keeps trying to put it back, causing the warning message.  This
is proper behavior as GnuPG can check the signature and see that it is
invalid.  The keyserver cannot check, and so does not risk removing a
signature that might be valid.


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.3.2-cvs (GNU/Linux)