keyserver.kjsl.com + photo IDs (Re: GnuPG 1.1.91 released)

David Shaw dshaw@jabberwocky.com
Thu Aug 15 04:36:02 2002


On Wed, Aug 14, 2002 at 09:09:11PM -0400, Jason Harris wrote:
> On Mon, Aug 05, 2002 at 11:30:14AM +0200, Werner Koch wrote:
> 
> > GnuPG 1.1.91 was released yesterday night.  This is a
> > *development version* aiming for the 1.2 release.  It has a couple of
> > new features and fixes some bugs of course.  There are a few new
> > things, so please read the news below.
> 
> >     * New export option to leave off attribute packets (photo IDs)
> >       during export.  This is useful when exporting to HKP keyservers
> >       which do not understand attribute packets.
> 
> (Partly in response to this,) I just patched keyserver.kjsl.com to discard
> user attribute packets from incoming keys.  Instead of having the entire
> keyblock rejected with the message "error decoding keyblock," keys
> with photo IDs are now accepted with a warning like this:
> 
>   Your key block contained 1 format errors,
>   which were treated as if the erroneous elements
>   hadn't been part of your submission.
>   The last error was on key 0x00000000:
>   Note:  user attribute packet(s) (type 17, photo ID(s)?) ignored.

Rather than discarding them, why not just keep the attribute packets?
You can safely treat them as user IDs with opaque contents.  Just
invent a fake "user ID" string like GnuPG does ("[jpeg image of size
xxxxxx]").

> >     * New import option to repair during import the HKP keyserver
> >       mangling multiple subkeys bug.  Note that this cannot completely
> >       repair the damaged key as some crucial data is removed by the
> >       keyserver, but it does at least give you back one subkey.  This
> >       is on by default for keyserver --recv-keys, and off by default
> >       for regular --import.
> 
> I hope to eventually fix this too.

That would be nice.  Many people have lost keys to this bug, and HKP
keyservers are mostly worthless for serious use because of it.  Even
just a patch to discard any subkeys after the first would be fine, and
a proper fix can come later.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson