Automatic resyncing of keys?

David Shaw dshaw@jabberwocky.com
Sat May 4 22:56:01 2002


On Sat, May 04, 2002 at 10:43:21PM +0200, Florian Weimer wrote:
> David Shaw <dshaw@jabberwocky.com> writes:
> 
> >> --refresh-keys seems to import new keys with the same user ID as
> >> present keys, BTW.
> >
> > Are you using 1.0.6e?  Can you show me an example?
> 
> It happens with 1.0.7a-cvs, too.
> 
> > I don't doubt you, but it's hard to imagine how this could be since
> > the keyservers work on numerical key ids, and GnuPG naturally couldn't
> > know the keyid of a key that wasn't already in its keyring.
> 
> Key IDs can collide (especially 32 bit ones). :-/

That's not a bug.  That's inherent in the design of the keyservers.
If a program asks for "X" and two keys have key ID "X", then you get
them both.  Nothing can be done about that.  Of course, you won't have
any trust in the other key.

GnuPG will use the maximum key ID size it can.  If you are using
--refresh with an LDAP keyserver, it uses the 64-bit key ID which makes
this sort of thing much less likely.  Of course, there is only one
LDAP keyserver left for public use.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
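
The lookup behaviour discussed in this message, as an added Python example (not part of the original post and not GnuPG's code). It assumes OpenPGP v4 keys, where the key ID is the low-order 64 bits of the 160-bit fingerprint and the short key ID is the low-order 32 bits; the function names are hypothetical and the fingerprints are constructed sample values.

```python
# Constructed 40-hex-digit fingerprints (not real keys).
LOCAL     = "A" * 24 + "11112222" + "CAFEF00D"  # key already in the keyring
STRANGER  = "B" * 24 + "33334444" + "CAFEF00D"  # same 32-bit ID, different key
UNRELATED = "C" * 32 + "00000001"               # shares nothing with LOCAL


def norm(fingerprint):
    """Normalize a fingerprint to 40 upper-case hex digits."""
    fp = fingerprint.replace(" ", "").upper()
    if len(fp) != 40:
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    int(fp, 16)  # raises ValueError if not hexadecimal
    return fp


def key_id(fingerprint, bits):
    """Return the low-order `bits` of the fingerprint as hex (32 or 64)."""
    if bits not in (32, 64):
        raise ValueError("key ID width must be 32 or 64 bits")
    fp = norm(fingerprint)
    return fp[len(fp) - bits // 4:]


def refresh(keyring, server, bits):
    """Model a refresh against a keyserver that matches on key ID only.

    For every key in `keyring`, the server returns each key whose ID of
    width `bits` equals the requested one. Results are split into
    updates (same full fingerprint) and strangers (same ID, other key).
    """
    updates, strangers = [], []
    for mine in map(norm, keyring):
        wanted = key_id(mine, bits)
        for fp in map(norm, server):
            if key_id(fp, bits) != wanted:
                continue
            (updates if fp == mine else strangers).append(fp)
    return updates, strangers


if __name__ == "__main__":
    server = [LOCAL, STRANGER, UNRELATED]
    for bits in (32, 64):
        updates, strangers = refresh([LOCAL], server, bits)
        print(bits, "bit IDs: updates", updates, "strangers", strangers)
```

Comparing the full fingerprint of each returned key against the keyring, as `refresh` does, is what separates a real update from a key that only shares the ID.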