[Sks-devel] Re: keyids in signatures getting corrupted, GPG and/or Debian problem?

David Shaw dshaw at jabberwocky.com
Fri Apr 2 00:20:24 CEST 2004

On Thu, Apr 01, 2004 at 04:56:34PM -0500, Jason Harris wrote:
> On Thu, Apr 01, 2004 at 03:34:26PM -0500, David Shaw wrote:
> > On Thu, Apr 01, 2004 at 02:32:14PM -0500, Jason Harris wrote:
> > > > All of that said, I'm not too worried about this.  It's annoying, but
> > > > ultimately harmless.  The corrupt sig will not validate (though the
> > > > sig itself is actually good, the bad issuer means the key that issued
> > > > it will never be found), so it will be ignored.
> > > 
> > > Except where the issuer is irrelevant.
> > 
> > I'm afraid I don't follow that comment.  The issuer is always
> > relevant, as it is used to find the key that issued the signature.
> As the GPG output in my last message demonstrates, GPG disregards
> the issuer in subkey binding signatures.  While the RFC specifies
> the issuer be included in subkey binding signatures, it also only
> allows for the parent pubkey to issue such signatures.  Therefore,
> the issuer of subkey signatures is currently irrelevant, a priori.

There are optimizations done, and there is general good practice.
Don't rely on this.  You'll hurt yourself.


More information about the Gnupg-devel mailing list