duplicate keyid survey results

[Hironobu SUZUKI]

Len Sassamann:

1) The thing that comes to mind immediately for me is that you should
allow for a 64-bit key-ID search.

2) The public key servers should do little more than accept, store,
and report data that it contains. Preventing the display of keys with
duplicate IDs steps over that line a bit too much for me.


David Shaw:

3) If a duplicated keyid is requested from the current HKP and NAI
LDAP keyservers, *all* matching keys are returned.  This is the
correct behavior, as it lets the receiving program and the user decide
which (if any) of the returned keys is the right one.

---

1) 64-bit KeyID will be supported. It's easy and no problem in server. 
But I'm wondering how PGP/GPG user know their own 64-bit KeyID.

2) HKP protocol based HTTP/1.0 is not define the waring status for the
found duplicate key. We should define some specifications for
duplicate keys.  This specification is not only problem of public key
server(s) but also problem of OpenPGP client(s) a.k.a PGP and GPG.

3) I think "all matching keys are returned" solution is not a perfect
idea. But I can support it easly for my public key server.  I'd like
to know how about this solution for PGP or GPG.

-- 
Hironobu SUZUKI
E-Mail: hironobu@h2np.net
URL: http://h2np.net