Keyservers and subkeys

Jason Harris jharris@widomaker.com
Tue Jul 15 15:24:02 2003


--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 15, 2003 at 09:38:41AM +0200, Johan Parin wrote:

> I recently made a key with the following structure (used to sign this
> message):
>=20
> 4096R
> 1024D
> 4096g

[NB:  keyserver mailing list CC'd]

The key seems to be:

pub  4096R/FC7A4EF0 2003-06-25 Johan Parin <johan.parin@abc.se>
     Key fingerprint =3D A5EC D7BD FA2F 2CEF 925A  FA8F 7A0C 8365 FC7A 4EF0
sub  1024D/9B2958B0 2003-06-25
     Key fingerprint =3D 9D19 2F66 9919 1012 4BE2  7F07 0570 C490 9B29 58B0
sub  4096g/287E0AFC 2003-06-25
     Key fingerprint =3D 6BE8 8BAC 9B0C FE19 E6F7  745D EA56 7C95 287E 0AFC


pub:-:4096:1:7A0C8365FC7A4EF0:2003-06-25:::-:Johan Parin <johan.parin@abc.s=
e>::scESC:
fpr:::::::::A5ECD7BDFA2F2CEF925AFA8F7A0C8365FC7A4EF0:
sub:-:1024:17:0570C4909B2958B0:2003-06-25::::::s:
fpr:::::::::9D192F66991910124BE27F070570C4909B2958B0:
sub:-:4096:16:EA567C95287E0AFC:2003-06-25::::::e:
fpr:::::::::6BE88BAC9B0CFE19E6F7745DEA567C95287E0AFC:

> I uploaded it to wwwkeys.pgp.net but the encryption key was
> missing. Uploaded it instead to ldap://pgp.surfnet.nl:11370 and now I
> can download it if I search for the primary RSA ID. However, I'm not
> able to download it if searching for the DSA subkey 9B2958B0 (used to
> sign this message), even if I specify the long key ID. I've tried

(You must have hit a SKS keyserver for that because keyserver.kjsl.com
didn't have the signatures for both subkeys until I reuploaded a copy
of your key (from surfnet.nl).  (Yaron has known about this deficiency,
but apparently still needs to correct it.))

Searching ldap://pgp.surfnet.nl:11370 for the subkeys by fingerprint
doesn't work either.  Perhaps this combination of keys and subkeys
triggers a bug.  ldap://keyserver.pgp.com appears to have the same
problem, unfortunately.

> ldap://pgp.surfnet.nl:11370
> ldap://keyserver.pgp.com
> hkp://subkeys.pgp.net
>=20
> Those have been given on this list as servers able to search for
> subkeys.

Normally the LDAP servers can, but the pks and SKS servers behind
hkp://subkeys.pgp.net can't yet search for subkeys, although they
all do store them properly.

--=20
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/

--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE/FADLSypIl9OdoOMRAq7sAJ0ToskSucJKi26RM9yfEMprDTglGQCfYYWY
RLDhZJ+ZQMUh7zR9pfImuEM=
=hGIy
-----END PGP SIGNATURE-----

--d6Gm4EdcadzBjdND--