Revocation problem with keyserver

David Shaw dshaw@jabberwocky.com
Wed Apr 24 00:17:01 2002


On Tue, Apr 23, 2002 at 10:09:37PM +0000, Brian M. Carlson wrote:
> On Tue, Apr 23, 2002 at 04:43:11PM -0400, David Shaw wrote:

> > This looks like a classic example of the "keyserver ate my key" bug.
> > Most keyservers on the net today cannot deal with multiple subkeys and
> > will respond by corrupting the key instead.
> > 
> > Hopefully the new generation of keyservers will come along soon and
> > solve this problem.  In the meantime, don't use the keyserver network
> > to distribute your key.

> It isn't necessary to not distribute your key. There are safe
> servers. They are ldap://horowitz.surfnet.nl:11370, which uses the
> PGP Certificate Server (it does not accept ElGamal type 20 keys) and
> x-hkp://gnv.us.ks.cryptnet.net:11371, which is running cksd.

I'm not saying don't distribute your key - I'm saying to provide it in
a non-keyserver place.

The problem with the two or three good keyservers out there is that
they synchronize with the bad ones.  If a key is sent to a bad one
first, then it is likely that the good ones will get a corrupted copy
of the corrupted copy of the key via synchronization.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson