dealing with misplaced signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jul 31 00:29:52 CEST 2012


Clint Adams reports in http://bugs.debian.org/683339:

--------------------------
This key has two signatures on a subkey:

http://keys.mayfirst.org/pks/lookup?op=get&search=0xED34CEABE27BAABC

gpg --edit-key will correctly detect them as being in the wrong place,
and move them to another wrong place, unless the uid/uat being moved
to happens to be the target of the signature.

Since sks appears to be buggy, those signatures will remain on the
subkey, and be replaced on a --recv-keys or --refresh.  Then
a subsequent --edit-key will move them again.

It would be nice if something could prevent these things from happening.

--------------------------


The "sks appears to be buggy" remark refers to the fact that sks appears
to allow certain types of signature in places that they don't make sense:

http://bugs.debian.org/683328

This is why sks is willing to return regular identity certification
packets after a subkey binding cert.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120730/3a353697/attachment.pgp>


More information about the Gnupg-devel mailing list