keyserver invents bad signatures :-(

Jason Harris jharris@widomaker.com
Thu Dec 12 11:50:29 2002


--uAKRQypu60I7Lcqm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Dec 11, 2002 at 06:22:13PM +0100, Michael Nahrath wrote:

> For creating an example for another list I just typed
> gpg --keyserver keyserver.kjsl.com --recv-key 9A4C704C
> which is my own key.
>=20
> I was quite astonished that it received 7 new sigs because I haven't
> expected any.
>=20
> gpg --list-sigs 9A4C704C displays the mess (and
> <http://keyserver.kjsl.com:11371/pks/lookup?op=3Dvindex&search=3D0x9A4C70=
4C&fing
> erprint=3Don> confirms it):
>=20
> I had 7 foreign signatures on my key before I created a third UID last we=
ek.
> Only one signer (exept myself) has signed the key since, so the new UID
> should have only 2 Signatures (including the self-signature).

[NB:  I'm moving this from gnupg-users to the keyserver list.]

OK.

> But now the keyserver displays that all 8 signers have signed my new UID.
> I guess because 7 signatures are older than my self-signature GPG marks
> those as bad.

Probably not; it didn't issue warnings about time conflicts or mark the
signatures with "%" (percent signs) to indicate such.

> Jason, please help! I don't want my key bloated with invalid signatures.

Here's what I've got:   (good thing Javier hasn't trimmed the logfile  :)
(all times in TZ=3DPST8PDT)

Nov 30 06:24:46 skylane pksd[41062]: pksd: listener [www]: new www connecti=
on from 80.134.19.161
Nov 30 06:24:50 skylane pksd[41062]: pksd: reader [www]: request received: =
POST /pks/add
Nov 30 06:24:50 skylane pksd[41062]: pksd: display_new_userid: new userid 1=
 on keyid 9A4C704C: Michael Nahrath <min@hostsharing.net>


^^^ Probably your upload.  ^^^


Dec  2 15:20:19 skylane pksd[41062]: pksd: listener [www]: new www connecti=
on from 217.227.74.39
Dec  2 15:20:21 skylane pksd[41062]: pksd: reader [www]: request received: =
POST /pks/add
Dec  2 15:20:21 skylane pksd[41062]: pksd: kd_add: flags=3D100000
Dec  2 15:20:21 skylane pksd[41062]: pksd: display_new_sig: new sig 1 by A4=
FBE959 added to 9A4C704C Michael Nahrath <michael@nahra...
Dec  2 15:20:21 skylane pksd[41062]: pksd: display_new_sig: new sig 2 by A4=
FBE959 added to 9A4C704C Michael Nahrath <min@hostshari...
Dec  2 15:20:21 skylane pksd[41062]: pksd: display_new_sig: new sig 3 by A4=
FBE959 added to 9A4C704C Michael Nahrath <subotnik@gmx....


^^^ These are the good signatures. ^^^


Dec  9 20:53:00 skylane pksd[41062]: pksd: mail_req: request received from =
Server Administrator <pks-admin@keys.nl.pgp.net>: incremental
Dec  9 20:53:02 skylane pksd[41062]: pksd: display_new_sig: new sig 24 by C=
86668A4 added to 9A4C704C Michael Nahrath <min@hostshari...
Dec  9 20:53:02 skylane pksd[41062]: pksd: display_new_sig: new sig 25 by 7=
8F5E034 added to 9A4C704C Michael Nahrath <min@hostshari...
Dec  9 20:53:02 skylane pksd[41062]: pksd: display_new_sig: new sig 26 by E=
0E0A986 added to 9A4C704C Michael Nahrath <min@hostshari...
Dec  9 20:53:02 skylane pksd[41062]: pksd: display_new_sig: new sig 27 by 8=
03A0F43 added to 9A4C704C Michael Nahrath <min@hostshari...
Dec  9 20:53:02 skylane pksd[41062]: pksd: display_new_sig: new sig 28 by A=
8F05CE4 added to 9A4C704C Michael Nahrath <min@hostshari...
Dec  9 20:53:02 skylane pksd[41062]: pksd: display_new_sig: new sig 29 by B=
3B2A12C added to 9A4C704C Michael Nahrath <min@hostshari...
Dec  9 20:53:02 skylane pksd[41062]: pksd: display_new_sig: new sig 30 by 3=
26CFCD5 added to 9A4C704C Michael Nahrath <min@hostshari...

^^^  These are the 7 bad signatures. ^^^

So, we have to turn this over the the .nl server admin, Teun.  He gets
syncs from a lot of other servers too, so we may have to repeat this
procedure until someone finds the IP address which POSTed or the
(claimed) From: address which emailed your key updates.


> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.3.1 (Darwin)
>=20
> iEYEARECAAYFAj33dFAACgkQ19dRf5pMcEwCGwCeMMueciFPOaeYJsk6mfOKQdRQ
> iIwAniowh+i9bABprFQWMuAZLp2QgClb
> =3DfkFC
> -----END PGP SIGNATURE-----ss-----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

^^^ BTW, your signatures are coming across like this, slightly hosed. ^^^

--=20
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/

--uAKRQypu60I7Lcqm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE9942mSypIl9OdoOMRAnvmAJ9CD8yOEDi/kTvN0w1RRMx6zPdzJQCgz+6l
TJ1eLcRQ+8jiHBl0lzhIjg0=
=3P2q
-----END PGP SIGNATURE-----

--uAKRQypu60I7Lcqm--