keyids in signatures getting corrupted, GPG and/or Debian problem?

Jason Harris jharris at widomaker.com
Thu Apr 1 23:56:34 CEST 2004


On Thu, Apr 01, 2004 at 03:34:26PM -0500, David Shaw wrote:
> On Thu, Apr 01, 2004 at 02:32:14PM -0500, Jason Harris wrote:
> > > All of that said, I'm not too worried about this.  It's annoying, but
> > > ultimately harmless.  The corrupt sig will not validate (though the
> > > sig itself is actually good, the bad issuer means the key that issued
> > > it will never be found), so it will be ignored.
> > 
> > Except where the issuer is irrelevant.
> 
> I'm afraid I don't follow that comment.  The issuer is always
> relevant, as it is used to find the key that issued the signature.

As the GPG output in my last message demonstrates, GPG disregards
the issuer in subkey binding signatures.  While the RFC specifies
the issuer be included in subkey binding signatures, it also only
allows for the parent pubkey to issue such signatures.  Therefore,
the issuer of subkey signatures is currently irrelevant, a priori.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20040401/ae6a15be/attachment.bin


More information about the Gnupg-devel mailing list