"invalid subkey binding"

David Shaw dshaw@jabberwocky.com
Tue Jun 11 16:32:01 2002

On Tue, Jun 11, 2002 at 08:55:05AM -0500, David T-G wrote:
> ...and then David Shaw said...

> % > I imagine that Michael has a subkey on his key and wouldn't be surprised
> % > to see the keyserver puke on it, from what I've heard, but this message
> % > gives the impression that gnupg is unhappy with it.  If that's the case,
> % > why should that be?
> % 
> % This is an example of the keyserver corrupting keys with multiple
> % subkeys.  GnuPG is unhappy with the key because it is missing one of
> Ahhh...  I get it; the keyserver puked on it and now is handing out not
> what the keys says it should be.
> Phooey on the key server twice, then!
> When I have tried to go to ldap keyservers (directed by your(?) posts
> saying that they *can* handle "modern" keys) I've gotten no response.  Do
> you know of any reliable ldap servers that I can bump up to my primary
> keyserver so that I can get whole keys?

As far as I know, the only remaining public LDAP keyserver is
ldap://pgp.surfnet.nl:11370.  The pgp.com folks ran one for a while,
but it is now down.

There are also a few HKP (HTTP) based servers coming on the horizon
that don't have the bug.

Unfortunately, you can't guarantee that using a LDAP keyserver will
give you uncorrupted keys.  Since all the keyservers eventually sync
to each other, if the key was originally uploaded to a keyserver with
the bug, then every other server (including the LDAP ones) will learn
the corrupted copy since that it what the buggy keyserver sends out.
If the key was originally uploaded to the LDAP keyserver, then you
stand a better chance.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson