How to submit the primary uid to keyserver?

Jason Harris jharris@widomaker.com
Fri Jul 25 20:06:02 2003


On Fri, Jul 25, 2003 at 07:06:26PM +0200, Andre Steinert wrote:

> I created a key with the uid "Andre Steinert <andre@steinertnet.de>". Then I
> added the uid "Andre Steinert <a.steinert@tu-bs.de>" but didn't notice that
> this one has become the primary uid. I exported the key to the keyservers.
>
> To let the first uid be the primary uid, I used the GnuPG-functions "uid
> {x}" and "primary". After doing this, the right uid was the primary one. I
> exported the key to the keyservers, again.
>
> Now, the keyservers still show my last added uid as the primary one and not
> the first :-(. What can I do?

(0x3EED0F7E appears to be the key.)

Deleting all non-primary userids and uploading the key to a pks keyserver
will reorder the userids to make the remaining one be first on the key.
This change won't propagate to other keyservers, however, so you'd have
to upload the stripped key manually to each pks keyserver you wanted to
influence.

sks.dnsalias.net _displays_ your key with your desired userid first, but
that is because it (apparently) displays and (definitely) hashes keys with
userids in sorted order.  Downloading and inspecting the key shows the
ordering to be reversed, however.

But, even changing the ordering of userids on the pks servers is temporary.
Downloading your key from sks.dnsalias.net and reuploading it to
keyserver.kjsl.com, after I had switched the ordering on kjsl.com,
reverted your userids to the undesired ordering, for example.  Anyone
who uploads your key with the undesired ordering, or perhaps even with
the desired ordering to a keyserver that performs its own userid sorting,
will change the ordering on all pks servers involved.

Keyservers won't be able to reliably honor primary userid preferences
until they integrate cryptography, so it is currently best to rely on
your client program (GPG) to cryptographically verify which userid is
the preferred one (and disambiguate using timestamps, when necessary).

-- 
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/
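
Added example, not part of the original message and not GnuPG's code: a Python model of the client-side selection described above, where the primary userid is taken from verified self-signatures (primary flag, then newest timestamp) and the userid order a keyserver returns is ignored. The timestamps, the `verified` field (signature checking is assumed to have been done already) and the fallback when no userid is flagged are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Optional

FIRST = "Andre Steinert <andre@steinertnet.de>"
SECOND = "Andre Steinert <a.steinert@tu-bs.de>"

@dataclass
class SelfSig:
    created: int    # signature creation time (constructed values)
    primary: bool   # self-signature carries the primary-userid flag
    verified: bool  # assumption: already checked against the primary key

@dataclass
class UserID:
    name: str
    selfsigs: List[SelfSig]

def latest_valid(uid: UserID) -> Optional[SelfSig]:
    """Newest self-signature that verified; older ones are superseded."""
    good = [s for s in uid.selfsigs if s.verified]
    return max(good, key=lambda s: s.created) if good else None

def select_primary(uids: List[UserID]) -> Optional[str]:
    """Choose the primary userid from signed data only, never from list order."""
    candidates = [(latest_valid(u), u) for u in uids]
    candidates = [(s, u) for s, u in candidates if s is not None]
    if not candidates:
        return None
    flagged = [(s, u) for s, u in candidates if s.primary]
    # Fallback when nothing is flagged (assumption): newest self-signature wins.
    pool = flagged or candidates
    # The name is only a tie-breaker so equal timestamps stay order-independent.
    _, uid = max(pool, key=lambda p: (p[0].created, p[1].name))
    return uid.name

def sample_key() -> List[UserID]:
    """Constructed key, listed in the order the keyservers showed it."""
    return [
        UserID(SECOND, [SelfSig(200, False, True),
                        SelfSig(900, True, False)]),  # fails verification: ignored
        UserID(FIRST, [SelfSig(100, False, True),
                       SelfSig(300, True, True)]),    # written by "primary"
    ]

if __name__ == "__main__":
    key = sample_key()
    print(select_primary(key), "|", select_primary(list(reversed(key))))
```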
