key-keyserver problem?

David Shaw
Wed Jul 17 01:01:02 2002

On Tue, Jul 16, 2002 at 06:18:00PM -0400, Jason Harris wrote:
> On Tue, Jul 16, 2002 at 05:02:52PM -0400, David Shaw wrote:
> > On Tue, Jul 16, 2002 at 04:33:14PM -0400, Jason Harris wrote:
> > > Be aware that 0x401EDF13, being a subkey, isn't found by keyid from
> > > ldap://  You might want to put, at minimum, the
> > > primary keyid in your .sig or email headers.  (Manually fetching the
> > > keyid reported in your PGP signature doesn't work.)
> > 
> > This is not completely correct - the LDAP keyservers can searched by
> > (long) subkey IDs.
> That's good to know.  (GPG typically reports the short keyid, so
> that's what I used (again, with a manual fetch).)

Yes.  Since it only works with long keyids, GnuPG will do a regular
key fetch with a short keyid, and a key+subkey fetch with long keyids
or fingerprints.  You can turn this behavior off with the
keyserver-option "no-include-subkeys" (a new feature in 1.2).

> > Alas, a LDAP keyserver bug prevents subkey searching from working with
> > v4 RSA keys, and it seems NAI isn't going to be fixing minor bugs. :(
> Also good to know (only referring to the bug, that is).  Thanks.

It seems there is a whole group of minor bugs in different programs
surrounding v4 RSA.  Virtually nobody got it right on the first try :(


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson