dealing with misplaced signatures

David Shaw dshaw at jabberwocky.com
Wed Aug 1 19:12:01 CEST 2012


On Aug 1, 2012, at 12:33 PM, Daniel Kahn Gillmor wrote:

> On 08/01/2012 12:44 AM, David Shaw wrote:
>> hiding the packets is potentially harmful.  [...] 
>> hiding the packets from GPG prevents this repair from happening.
>> After all, if GPG doesn't get the packets, it can't move them to the
> right place.  > This means the signatures are effectively lost,
> 
> fwiw, in the cases where i've seen this, the packets in question are
> *already* in the correct place, they just happen to *also* be in the
> incorrect place, causing noise.
> 
> We don't support "fixing" the problem where someone submits a signature
> packet after the wrong User ID, or attached to the wrong key entirely,
> and i don't believe we should.

I don't think anyone here has suggested that the keyservers repair anything.  For a start, they're not capable of it.

The question is whether the keyservers should hide obviously incorrect things when passing keys back to clients, or pass back complete keys, including the obviously incorrect things.  My point is that if you expect GPG to be able to fix a broken key, you need to pass back all the data, or GPG has nothing to work from.  If you are stating that in every case of this corruption that the bad packets always exist in at least two places, and at least one of these is in the correct place, then why are we having this discussion?  Drop the packets and be done with it.

David




More information about the Gnupg-devel mailing list