Keyservers mangle with subkey binding sigs

Charly Avital shavital at
Sat Jan 19 18:31:44 CET 2008

Vlad "SATtva" Miller wrote the following on 1/19/08 8:38 AM:

> So here's an explicit distinction between what we got from a keyserver
> and from the gpg output.

As far as I am concerned, that's  what I got from the keyserver I used, 

I believe <steffenjan at> posted that:
"I'm not too deep into subkeys, but I just downloaded your key 
0x8443620A from a keyserver and it had tow subkeys 0x070E0B73 and 
0x7D57ED51 both valid till 1.1.2010.
But the self-signs on all the different Sub-IDs are expired on 5.1.2008.
All this didn't change when I imported the key from

So my hint is to sign all the IDs too."

> [snip]
>> In my system now:
>> I have not signed your key
> And you should not.

Thank you for telling me what I should not, I know the protocol.

There is such a thing named 'local sign', that makes a local signature 
non-exportable, not that I intend to upload your key, that just isn't done.

As I indicated in my complete post, I signed (local signature) just in 
order to find out whether it would make the interrogation point on your 
*second* "photo" go away, which it didn't, not unexpectedly.

Best regards,

More information about the Gnupg-users mailing list