Keyserver rejection filter and signing subkeys
Werner Koch
wk at gnupg.org
Mon Aug 4 11:47:17 CEST 2014
On Thu, 31 Jul 2014 18:20, dkg at fifthhorseman.net said:
> hm, maybe i'm not understanding the scenario here, but if i request key
> 0xdeadbeef, and that is only available as a subkey, and that subkey is
> bound to multiple primary keys on the keyservers, won't gpg import them all?
As long as the key binding signatures are valid they are all imported
(modulo duplicate long keyid bugs). Which is expected and correct.
The threat the filter shall stop is that a rogue keyserver returns a
different key than requested. A wrong subkey is a different thing.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel
mailing list