Revocation problem with keyserver
David Shaw
dshaw@jabberwocky.com
Wed Apr 24 00:17:01 2002
On Tue, Apr 23, 2002 at 10:09:37PM +0000, Brian M. Carlson wrote:
> On Tue, Apr 23, 2002 at 04:43:11PM -0400, David Shaw wrote:
> > This looks like a classic example of the "keyserver ate my key" bug.
> > Most keyservers on the net today cannot deal with multiple subkeys and
> > will respond by corrupting the key instead.
> >
> > Hopefully the new generation of keyservers will come along soon and
> > solve this problem. In the meantime, don't use the keyserver network
> > to distribute your key.
> It isn't necessary to not distribute your key. There are safe
> servers. They are ldap://horowitz.surfnet.nl:11370, which uses the
> PGP Certificate Server (it does not accept ElGamal type 20 keys) and
> x-hkp://gnv.us.ks.cryptnet.net:11371, which is running cksd.
I'm not saying don't distribute your key - I'm saying to provide it in
a non-keyserver place.
The problem with the two or three good keyservers out there are that
they synchronize with the bad ones. If a key is sent to a bad one
first, then it is likely that the good ones will get a corrupted copy
of the corrupted copy of the key via synchronization.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson