GnuPG race causes misordered uids?

David Shaw dshaw at jabberwocky.com
Tue May 6 06:22:01 CEST 2003



On Mon, May 05, 2003 at 08:40:46PM +0200, Marcus Brinkmann wrote:

> I am not sure if the way the keyring is generated even leads to a
> deterministic order of user IDs.  But when I had the order as is in the
> file, and just run the test (without rebuilding the keyring and everything),
> I saw the buggy behaviour.

Okay, I looked at this and what seems to be the problem is that some
of the user IDs were generated in the same second.  That foils the
current user ID sorting algorithm.

That may explain the problem you saw, but I think this isn't good
behavior in general for GnuPG.  If the "first uid is primary" behavior
is going to be depended on by other programs, then we must guarantee
that this is always true.  It doesn't really matter what is used as
the secondary sorting key, so long as it is reliable.  I'm tempted to
use the raw signature packet data - it's easily accessible, and is
absurdly unlikely to collide.

David
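The tie described in the message above, as an added example that is not part of the original post and is not GnuPG code: sorting on the creation timestamp alone leaves same-second user IDs in whatever order the keyring file had, while a secondary key on the raw self-signature bytes gives one order regardless of input. The record layout, function names, newest-first direction and sample bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
struct uid_rec {               /* hypothetical record, not GnuPG's internal one */
    const char *name;          /* user ID string */
    unsigned long created;     /* self-signature creation time, seconds */
    const unsigned char *sig;  /* raw self-signature packet bytes */
    size_t siglen;
};
typedef int (*uid_cmp)(const struct uid_rec *, const struct uid_rec *);

/* Timestamp only (assumed newest first): 0 for uids made in the same second. */
int cmp_time(const struct uid_rec *a, const struct uid_rec *b) {
    return (a->created < b->created) - (a->created > b->created);
}

/* Timestamp, then raw signature bytes (then length) as the secondary key. */
int cmp_time_sig(const struct uid_rec *a, const struct uid_rec *b) {
    size_t n = a->siglen < b->siglen ? a->siglen : b->siglen;
    int c = cmp_time(a, b);
    if (!c) c = memcmp(a->sig, b->sig, n);
    return c ? c : (a->siglen > b->siglen) - (a->siglen < b->siglen);
}

/* Stable insertion sort: ties keep whatever order the keyring file had. */
void sort_uids(struct uid_rec *v, size_t n, uid_cmp cmp) {
    for (size_t i = 1; i < n; i++) {
        struct uid_rec key = v[i];
        size_t j = i;
        for (; j > 0 && cmp(&v[j - 1], &key) > 0; j--)
            v[j] = v[j - 1];
        v[j] = key;
    }
}

/* Constructed sample (same-second uids), sorted from either file order. */
static const unsigned char SIG_A[] = {0x88, 0x46, 0x04, 0x13, 0x02};
static const unsigned char SIG_B[] = {0x88, 0x46, 0x04, 0x13, 0x01};
const char *first_uid(int reversed, uid_cmp cmp) {
    struct uid_rec a = {"alice@example.org", 1052194921UL, SIG_A, sizeof SIG_A};
    struct uid_rec b = {"alice@example.net", 1052194921UL, SIG_B, sizeof SIG_B};
    struct uid_rec v[2] = {reversed ? b : a, reversed ? a : b};
    sort_uids(v, 2, cmp);
    return v[0].name;
}

int main(void) {
    printf("time only: %s | %s\n", first_uid(0, cmp_time), first_uid(1, cmp_time));
    printf("time+sig:  %s | %s\n", first_uid(0, cmp_time_sig), first_uid(1, cmp_time_sig));
    return 0;
}
```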




More information about the Gnupg-devel mailing list