Automatic resyncing of keys?

Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
Sun May 5 11:22:02 2002


David Shaw <dshaw@jabberwocky.com> writes:

>> Key IDs can collide (especially 32 bit ones). :-/
>
> That's not a bug.  That's inherent in the design of the keyservers.
> If a program asks for "X" and two keys have key ID "X", then you get
> them both.  Nothing can be done about that.  Of course, you won't have
> any trust in the other key.

Yes, of course, but I don't think it's desirable that --refresh-keys
imports new keys.  GnuPG can do nothing about receiving these
additional keys, but the correct approach would be to discard the
unwanted ones.

> GnuPG will use the maximum key ID size it can.  If you are using
> --refresh with a LDAP keyserver, it uses the 64-bit key ID which makes
> this sort of thing much less likely.  Of course, there is only one
> LDAP keyserver left for public use.

It's not too hard to make colliding 64 bit IDs for V3 keys.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
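
The behaviour argued for in the message above, sketched as an added example (not part of the original post and not GnuPG's code): the key ID only selects candidates on the keyserver, and a returned key is merged only when its full fingerprint is already in the local keyring. The keyserver function, record layout, key IDs and fingerprints are all constructed for illustration.

```python
# Added illustration, not GnuPG code. All key IDs and fingerprints below are
# constructed sample values.

def norm(hexstr):
    """Canonical form for IDs and fingerprints: uppercase hex, no spaces."""
    return "".join(hexstr.split()).upper()

def keyserver_lookup(server_keys, wanted_id):
    """Hypothetical keyserver: returns every key whose key ID ends with the
    requested ID, so a 32-bit request also matches 64-bit IDs."""
    wanted = norm(wanted_id)
    return [k for k in server_keys if norm(k["keyid"]).endswith(wanted)]

def refresh(keyring, server_keys, id_bits=32):
    """Ask for each local key by ID; merge only keys already in the keyring.

    Returns (merged, discarded), both keyed by full fingerprint.
    """
    local = {norm(k["fpr"]) for k in keyring}
    merged, discarded = {}, {}
    for key in keyring:
        request = norm(key["keyid"])[-id_bits // 4:]
        for got in keyserver_lookup(server_keys, request):
            fpr = norm(got["fpr"])
            # The key ID only selects candidates; the fingerprint decides.
            (merged if fpr in local else discarded)[fpr] = got
    return merged, discarded

KEYRING = [{"keyid": "7777 8888 DEAD BEEF",
            "fpr": "1111 2222 3333 4444 5555 6666 7777 8888 DEAD BEEF"}]

SERVER = [
    # The key we hold, with whatever updates the server has for it.
    {"keyid": "77778888DEADBEEF", "uid": "alice",
     "fpr": "11112222333344445555666677778888DEADBEEF"},
    # Different key, same 32-bit ID.
    {"keyid": "00001111DEADBEEF", "uid": "stranger-32",
     "fpr": "AAAABBBBCCCCDDDDEEEEFFFF00001111DEADBEEF"},
    # Different key, same 64-bit ID (V3-style 128-bit fingerprint).
    {"keyid": "77778888deadbeef", "uid": "stranger-64",
     "fpr": "0123456789ABCDEF0123456789ABCDEF"},
]

if __name__ == "__main__":
    for bits in (32, 64):
        merged, discarded = refresh(KEYRING, SERVER, bits)
        print(bits, [k["uid"] for k in merged.values()],
              [k["uid"] for k in discarded.values()])
```

Requesting by the 64-bit ID shrinks the discard list but does not empty it, so the fingerprint comparison is still what keeps unknown keys out of the keyring.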