dealing with misplaced signatures

Georgi Guninski guninski at guninski.com
Tue Jul 31 07:39:57 CEST 2012


Was the sig of the subkey made with vanilla gpg or was it manipulated?

On Mon, Jul 30, 2012 at 06:29:52PM -0400, Daniel Kahn Gillmor wrote:
> Clint Adams reports in http://bugs.debian.org/683339:
> 
> --------------------------
> This key has two signatures on a subkey:
> 
> http://keys.mayfirst.org/pks/lookup?op=get&search=0xED34CEABE27BAABC
> 
> gpg --edit-key will correctly detect them as being in the wrong place,
> and move them to another wrong place, unless the uid/uat being moved
> to happens to be the target of the signature.
> 
> Since sks appears to be buggy, those signatures will remain on the
> subkey, and be replaced on a --recv-keys or --refresh.  Then
> a subsequent --edit-key will move them again.
> 
> It would be nice if something could prevent these things from happening.
> 
> --------------------------
> 
> 
> The "sks appears to be buggy" remark refers to the fact that sks appears
> to allow certain types of signature in places that they don't make sense:
> 
> http://bugs.debian.org/683328
> 
> This is why sks is willing to return regular identity certification
> packets after a subkey binding cert.
> 
> 	--dkg
> 
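
The condition reported in the quoted message, a User ID certification sitting after a subkey in the packet sequence, can be checked on a binary (de-armored) key export by walking the packet headers. This is an added example, not code from this thread, GnuPG or sks; the function names are hypothetical, the packet tags and signature types are the RFC 4880 values, and the sample bytes are constructed stubs rather than real key material.

```python
CERT_TYPES = {0x10, 0x11, 0x12, 0x13}  # RFC 4880 5.2.1: User ID/attribute certifications
SIG, PUBKEY, UID, SUBKEY, UAT = 2, 6, 13, 14, 17  # RFC 4880 4.3 packet tags

def packets(data):
    """Yield (tag, body) for each packet of a binary (de-armored) OpenPGP stream."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def sig_type(body):
    """Signature type octet: v3 is version, length(5), type; v4 is version, type."""
    return body[2] if body[0] == 3 else body[1]

def misplaced_certifications(data):
    """Return [(packet_index, sig_type)] for certifications that follow a subkey."""
    found, context = [], None
    for idx, (tag, body) in enumerate(packets(data)):
        if tag in (PUBKEY, UID, SUBKEY, UAT):
            context = tag  # later signatures attach to this packet
        elif tag == SIG and context == SUBKEY and sig_type(body) in CERT_TYPES:
            found.append((idx, sig_type(body)))
    return found

def _pkt(tag, body):  # constructed stub packet: new-format header, 1-octet length
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample: key, uid, uid cert, subkey, binding sig, stray uid cert
SAMPLE = b"".join(_pkt(t, b) for t, b in [(6, b"\x04"), (13, b"alice"), (2, b"\x04\x13"),
                                          (14, b"\x04"), (2, b"\x04\x18"), (2, b"\x04\x10")])
```

On the constructed sample, only the last packet is reported: the 0x13 certification after the User ID and the 0x18 binding signature after the subkey are where they belong.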


