On 23.06.20 09:56, Jeffrey Walton wrote:
[...]
A signature applied during a valid key period is still good. For those
following a key rotation scheme, no new signatures should occur after
the key expires.
I agree. I have a related issue in my Thunderbird MUA. It keeps stating
that, the - perfectly valid - signatures of signed messages I sent or
received and that were created with a - now expired - X.509 certificate
and private key, are invalid. Instead of verifying against my still
existing private key in the MUA's keystore.