Rare condition incompatibility of public key

[David Shaw]

On Nov 30, 2008, at 2:19 PM, Myckel Habets wrote:

> Hello list,
>
> Last week I had contact with someone who said that my public key was
> "bad" according his validation program. I've mailed with many people
> before while using this key, but he was the first to tell me that.  
> When
> I checked with a friend he said that the key was valid for him.
>
> The key was created in 2005 and at creation time I added an expiration
> date of the same day 2 years later. However within some time I thought
> this was not really needed, so I removed that expiration date (gpg let
> me do that, so I thought it was ok) and kept using that key without  
> any
> problems.
>
> Currently my key looks like this:
>
> pub  1024D/9A3D206F  created: 2005-12-10  expires: never        
> usage: SC
>                     trust: ultimate      validity: ultimate
> sub  2048g/D5904978  created: 2005-12-10  expires: never        
> usage: E
> [ultimate] (1). Myckel Habets (E-mail key) <myckel at sdf.lonestar.org>
>
> The person who said to me that the key validates as bad uses the  
> PGPkeys
> program from the PGP corporation software (version 6.58, last version
> that was released when Phil Zimmerman worked there, he doesn't trust
> later versions) to do the validation.
>
> To sum this up I have two questions:
>
> 1) What is causing this problem? Is my key really bad or is this an
> incompatibility between PGPkeys version 6.58 and GPG?

Incompatibility.  PGP 6.5.8 is too old for use in the modern age.   
Yes, you can more or less make things work properly by persuading  
everyone you communicate with to downgrade their clients, but even so  
6.5.8 will occasionally pull the rug out from under you.  This is one  
of those times.

> 2) Do I need to create new keys and revoke this key?

No.  You need to tell your friend to upgrade.  6.5.8 predates OpenPGP,  
and will thus have problems interoperating with most of the modern  
clients (including PGP).

David