1 files changed, 21 insertions, 0 deletions

diff --git a/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
new file mode 100644
index 0000000..8181437
--- /dev/null
+++ b/website/bugs/monkeysphere-gen-subkey-treats-revoked-auth-subkey-as-valid.mdwn
@@ -0,0 +1,21 @@
+If you have a revoked authentication subkey in your keyring,
+monkeysphere gen-subkey thinks that I have an authentication subkey
+already, which I do, but it probably shouldn't care about it, since it
+is revoked:
+
+     	 21:30@pond> monkeysphere gen-subkey F67E2A5D1CF2D62A
+	 An authentication subkey already exists for key 'F67E2A5D1CF2D62A'.
+	 Are you sure you would like to generate another one? (y/N) 
+
+However: this key was revoked on 2008-04-28 by DSA key 1CF2D62A Micah Anderson <micah@riseup.net>
+	 sub  1024R/866F47D3  created: 2008-02-25  revoked: 2008-04-28  usage: A   
+
+I can continue to create a new authorization subkey, so its not a
+blocker or anything (I suppose I could also delete the revoked key
+from my keyring as well, although thats less than ideal).
+
+It seems like the secret keyring doesn't mention that it has been
+revoked, so probably monkeysphere needs to be looking at gpg's
+computed validity from the public keyring instead of the secret
+keyring to be able to get the "r" flag from field 2, in addition to
+the "e" flag from field 12.