Adding new UID problems.

David Shaw dshaw@jabberwocky.com
Wed Jun 4 20:04:02 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jun 04, 2003 at 05:38:40PM +0100, Stewart V. Wright wrote:

> Looking at the output on one of the web interfaces I've noticed the
> following binding on my sub keys...
> 
>   sub  1024/246383E6 2003-05-14            
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>   
>   sub  1024/35DB7472 2003-05-14            
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>   
>   sub  2048/A11D9315 2003-05-14            
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
>   sig sbind B3334559 2003-05-14 __________ 2005-05-13 []
> 
> 
> Surely though this multiple sbind problem should have appeared when I
> first created the subkeys (2003-05-14) and not be rearing its head
> now.

No.  Your key was slightly mangled by one of the keyservers.  I've
seen keyserver.kjsl.com do that in the past, but it is not clear if it
is a problem in keyserver.kjsl.com itself or in interaction with a
different server.  Once any server does it, though, all servers learn
it via sync.

The good thing is you can ignore it.  It's a harmless warning.

The keyserver situation in the OpenPGP world is tragically, comically
bad.  GnuPG does the right thing.  PGP does the right thing.  Fewer
than 1 in 5 keyservers do the right thing, and unfortunately, the good
servers sync with the broken ones so the damage is spread far and wide
when a bad server causes a problem.  Thankfully most damage, like your
example, is just an annoyance.

I would be thrilled if one keyserver operator chose to run a working
keyserver, and refused to sync with anyone who was running a broken
one.  I'd use that "mini network" in a heartbeat.  In the meantime,
I've given up and just started giving people a URL to a copy of my key
on my web page.  There is an OpenPGP feature that allows a user to
embed the URL to a key inside signatures.  I plan to add support for
that in GnuPG as well.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iD8DBQE+3jTV4mZch0nhy8kRAnhbAJ0fDMbavUAIsqCaKL4u2UcetcWimACgwT06
VrtAfHV4K57MgSCh6c1UBSc=
=M+FL
-----END PGP SIGNATURE-----