Keyserver rejection filter and signing subkeys

Werner Koch wk at gnupg.org
Mon Aug 4 11:47:17 CEST 2014


On Thu, 31 Jul 2014 18:20, dkg at fifthhorseman.net said:

> hm, maybe i'm not understanding the scenario here, but if i request key
> 0xdeadbeef, and that is only available as a subkey, and that subkey is
> bound to multiple primary keys on the keyservers, won't gpg import them all?

As long as the key binding signatures are valid they are all imported
(modulo duplicate long keyid bugs).  Which is expected and correct.

The threat the filter shall stop is that a rogue keyserver returns a
different key than requested.  A wrong subkey is a different thing.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list