Keyserver rejection filter and signing subkeys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jul 31 18:20:33 CEST 2014
On 07/30/2014 08:43 AM, Werner Koch wrote:
> On Wed, 30 Jul 2014 11:00, kristian.fiskerstrand at sumptuouscapital.com
> said:
>
>>> verify the key binding you would import a foreign key while
>>> verifying a signature done with the faked subkey.
>>
>> Indeed, and the purpose of the filter is partly to protect against
>> mallicious keyservers, so even if the "good" keyservers implements
>> this[1] it can't be trusted.
>
> Actually this is not a problem because gpg won't import that subkey due
> to the missing key binding.
hm, maybe i'm not understanding the scenario here, but if i request key
0xdeadbeef, and that is only available as a subkey, and that subkey is
bound to multiple primary keys on the keyservers, won't gpg import them all?
let's set aside the concern about treating that subkey as a signing- or
certification-capable subkey, which should require cross-certification
in normal configurations. That constraint can be avoided by attaching
the key with other usage flags, right?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140731/273a069f/attachment.sig>
More information about the Gnupg-devel
mailing list