Revocation problem with keyserver

David Shaw
Wed Apr 24 00:17:01 2002

On Tue, Apr 23, 2002 at 10:09:37PM +0000, Brian M. Carlson wrote:
> On Tue, Apr 23, 2002 at 04:43:11PM -0400, David Shaw wrote:

> > This looks like a classic example of the "keyserver ate my key" bug.
> > Most keyservers on the net today cannot deal with multiple subkeys and
> > will respond by corrupting the key instead.
> > 
> > Hopefully the new generation of keyservers will come along soon and
> > solve this problem.  In the meantime, don't use the keyserver network
> > to distribute your key.

> It isn't necessary to not distribute your key. There are safe
> servers. They are ldap://, which uses the
> PGP Certificate Server (it does not accept ElGamal type 20 keys) and
> x-hkp://, which is running cksd.

I'm not saying don't distribute your key - I'm saying to provide it in
a non-keyserver place.

The problem with the two or three good keyservers out there is that
they synchronize with the bad ones.  If a key is sent to a bad one
first, then it is likely that the good ones will get a corrupted copy
of the corrupted copy of the key via synchronization.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson