Automatic resyncing of keys?
Florian Weimer
Weimer@CERT.Uni-Stuttgart.DE
Sat May 4 22:42:02 2002
David Shaw <dshaw@jabberwocky.com> writes:
>> --refresh-keys seems to import new keys with the same user ID as
>> present keys, BTW.
>
> Are you using 1.0.6e? Can you show me an example?
It happens with 1.0.7a-cvs, too.
> I don't doubt you, but it's hard to imagine how this could be since
> the keyservers work on numerical key ids, and GnuPG naturally couldn't
> know the keyid of a key that wasn't already in its keyring.
Key IDs can collide (especially 32 bit ones). :-/
> Is it possible what you saw what a new user ID showing up on an
> existing key?
No, the summary at the end clearly shows 'Imported: 1', and the
additional key shows up in the key ring.
If you want to experiment, you can use the 0xdeadbeef keys (but you
have to specify --allow-non-selfsigned-uid because two of them lack a
proper self-signature).
There's even a web page with further candidates for experiments:
http://galileo.spaceports.com/~jharris/duplicate_keyids.html
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898