duplicate keyid survey results
Sat Mar 9 07:42:01 2002
> It is easy to make even a duplicate 64-bit keyid.
Step 0: If you use 32bit keyid, move Step 1. If 64bit keyid, move
Step 1: If you try to get a key by 32bit keyid but found duplicate keys,
move Step 2 or Step 3 which you wish.
Step 2: If you try to get a key by 64bit keyid but found duplicate
keys, move Step 3 or Step 4 which you wish.
If 32bit duplicate keyid was generated by accidentally,
64bit keyid searching will help most of them.
Step 3: Use Web interface and check a list of keyids combined
fingerprints. Select one key and database will return actual
key (using database OID). Users must be patients. So, some
people like me move to Step 4.
Step 4: Ask an actual public key for the key owner or get an public
key from owner's web page.
> then that is a (mild) denial of service as well.
Yes, I know it. Please remember that the concept of "Web of Trust"
doesn't need any keyserver nor certificate authority. "No keyserver"