Keyserver rejection filter and signing subkeys

Daniel Kahn Gillmor dkg at
Thu Jul 31 18:20:33 CEST 2014

On 07/30/2014 08:43 AM, Werner Koch wrote:
> On Wed, 30 Jul 2014 11:00, kristian.fiskerstrand at
> said:
>>> verify the key binding you would import a foreign key while
>>> verifying a signature done with the faked subkey.
>> Indeed, and the purpose of the filter is partly to protect against
>> mallicious keyservers, so even if the "good" keyservers implements
>> this[1]  it can't be trusted.
> Actually this is not a problem because gpg won't import that subkey due
> to the missing key binding.

hm, maybe i'm not understanding the scenario here, but if i request key
0xdeadbeef, and that is only available as a subkey, and that subkey is
bound to multiple primary keys on the keyservers, won't gpg import them all?

let's set aside the concern about treating that subkey as a signing- or
certification-capable subkey, which should require cross-certification
in normal configurations.  That constraint can be avoided by attaching
the key with other usage flags, right?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140731/273a069f/attachment.sig>

More information about the Gnupg-devel mailing list