duplicate keyid survey results
Sat Mar 9 04:28:02 2002
On Fri, 8 Mar 2002, David Shaw wrote:
> I'd even like to be able to search by fingerprint. The way I see it,
> since the 32-bit keyid is just the lowest 32 bits of the fingerprint,
> and the 64-bit keyid is just the lowest 64 bits of the fingerprint,
> the keyserver must calculate the fingerprint no matter what. Since
> it's already calculated, it would be nice to use it.
Yes, this is a good idea.
> > 3) I think "all matching keys are returned" solution is not a perfect
> > idea. But I can support it easly for my public key server. I'd like
> > to know how about this solution for PGP or GPG.
> If you don't think this is the right way to go, what do you suggest as
> an alternative? I think a warning is fine, but not returning one of
> the keys leaves the keyserver open for a denial of service attack.
Agreed -- a warning is warranted, but the key server software shouldn't be
deciding not to report keys simply because they share key-ids with other