keyserver invents bad signatures :-(

Michael Nahrath gnupg-users@nahrath.de
Wed Dec 11 18:21:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

For creating an example for another list I just typed
gpg --keyserver keyserver.kjsl.com --recv-key 9A4C704C
which is my own key.

I was quite astonished that it received 7 new sigs because I hadn't
expected any.

gpg --list-sigs 9A4C704C displays the mess (and
<http://keyserver.kjsl.com:11371/pks/lookup?op=vindex&search=0x9A4C704C&fingerprint=on> confirms it):

I had 7 foreign signatures on my key before I created a third UID last week.
Only one signer (except myself) has signed the key since, so the new UID
should have only 2 Signatures (including the self-signature).

But now the keyserver displays that all 8 signers have signed my new UID.
I guess because 7 signatures are older than my self-signature GPG marks
those as bad.

I am sure that those other 7 people have not (at least not all of them at
the same time) signed and uploaded my third UID.

I did a gpg --refresh-keys yesterday and then still everything was OK.

I have not uploaded my key since 2002-12-02.

I am running (on MacOS X)

[me@myhost]~$ gpg --version
gpg (GnuPG) 1.3.1
Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, TIGER192
Compress: Uncompressed, ZIP, ZLIB

Jason, please help! I don't want my key bloated with invalid signatures.

Greeting, Michi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.1 (Darwin)

iEYEARECAAYFAj33dFAACgkQ19dRf5pMcEwCGwCeMMueciFPOaeYJsk6mfOKQdRQ
iIwAniowh+i9bABprFQWMuAZLp2QgClb
=fkFC
-----END PGP SIGNATURE-----
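
The date comparison this message describes (third-party signatures on a UID that are older than that UID's self-signature) can be run over a key listing. This is an added example, not part of the original post: it assumes the colon-delimited output of `gpg --with-colons --fixed-list-mode --list-sigs` with epoch timestamps, and the sample listing, key IDs and names are constructed.

```python
# Constructed listing in the colon format (not real keys): the second UID was
# added at 1039000000, yet carries a Bob signature dated 1010000000.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1000000000:::u:::scESC:
uid:u::::1000000000::H1::Alice Example <alice@example.org>:
sig:::17:AAAAAAAAAAAAAAAA:1000000000::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:1010000000::::Bob Example <bob@example.org>:10x:
uid:u::::1039000000::H2::Alice Example <alice@new.example.org>:
sig:::17:AAAAAAAAAAAAAAAA:1039000000::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:1010000000::::Bob Example <bob@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCCC:1039500000::::Carol Example <carol@example.org>:10x:
sub:u:2048:16:DDDDDDDDDDDDDDDD:1000000000::::::e:
sig:::17:AAAAAAAAAAAAAAAA:1000000000::::Alice Example <alice@example.org>:18x:
"""

def predated_sigs(listing):
    """Return (uid, signer_keyid, sig_time, first_selfsig_time) for every
    foreign signature created before the earliest self-signature on its UID.
    This is a review heuristic only; cryptographic validity is what
    `gpg --check-sigs` reports."""
    primary = None      # key ID from the pub record
    uids = []           # [(uid_string, [(signer_keyid, created), ...]), ...]
    current = None      # signature list of the UID being read, if any
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub":
            primary, current = f[4], None
        elif f[0] == "uid":
            current = []
            uids.append((f[9], current))
        elif f[0] == "sig" and current is not None and f[5].isdigit():
            current.append((f[4], int(f[5])))
        elif f[0] != "sig":
            current = None  # sub/uat/etc.: following sigs are not UID sigs
    findings = []
    for uid, sigs in uids:
        self_times = [t for k, t in sigs if k == primary]
        if not self_times:
            continue        # no self-signature listed, nothing to compare
        first_self = min(self_times)
        findings += [(uid, k, t, first_self)
                     for k, t in sigs if k != primary and t < first_self]
    return findings

if __name__ == "__main__":
    for uid, signer, when, selfsig in predated_sigs(SAMPLE):
        print(f"{signer} signed '{uid}' at {when}, before self-sig at {selfsig}")
```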