Duplicated self-signatures on keyservers
Manuel Samper
manuel@samper.dyndns.org
Fri May 16 14:31:04 2003
Hi,
this maybe also a keyserver issue, but I'm sure some keyserver folks are
reading this list, so I will ask here.
I recently created a keypair (fffd5da0), and sent it to public
keyservers. Later, I modified the preferences on their user ids (gpg
--edit-key, setpref and updpref), and sent it again to keyserves. Now,
when I search my key, I see now two self-signatures:
http://keyserver.kjsl.com:11371/pks/lookup?op=vindex&search=0xfffd5da0
But in my keyring I only see one signature, so I made some tests:
$ gpg --export fffd5da0|gpg --no-default-keyring --keyring local.gpg --import
$ gpg --no-default-keyring --keyring servers.gpg --recv-key fffd5da
The self-signatures of the first uid on the local and server keyring
copies:
$ gpg -v -v local.gpg
:public key packet:
version 4, algo 1, created 1052865492, expires 0
pkey[0]: [4096 bits]
pkey[1]: [6 bits]
:user ID packet: "Manuel Samper"
:signature packet: algo 1, keyid AE5F2672FFFD5DA0
version 4, created 1052865494, md5len 0, sigclass 13
digest algo 2, begin of digest 6c 3e
hashed subpkt 27 len 2 (key flags: 03)
hashed subpkt 30 len 2 (features: 01)
hashed subpkt 23 len 2 (key server preferences: 80)
hashed subpkt 25 len 2 (primary user ID)
hashed subpkt 11 len 6 (pref-sym-algos: 8 3 2 7 9)
hashed subpkt 21 len 3 (pref-hash-algos: 3 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 1)
hashed subpkt 2 len 5 (sig created 2003-05-13)
subpkt 16 len 9 (issuer key ID AE5F2672FFFD5DA0)
data: [4096 bits]
:trust packet: flag=00 sigcache=03
[...]
$ gpg -v -v server.gpg
[same as above, with the below aditional signature]
:signature packet: algo 1, keyid AE5F2672FFFD5DA0
version 4, created 1052865493, md5len 0, sigclass 13
digest algo 2, begin of digest d6 c6
hashed subpkt 27 len 2 (key flags: 03)
hashed subpkt 11 len 5 (pref-sym-algos: 3 2 7 9)
hashed subpkt 21 len 3 (pref-hash-algos: 3 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 1)
hashed subpkt 30 len 2 (features: 01)
hashed subpkt 23 len 2 (key server preferences: 80)
hashed subpkt 25 len 2 (primary user ID)
hashed subpkt 2 len 5 (sig created 2003-05-13)
subpkt 16 len 9 (issuer key ID AE5F2672FFFD5DA0)
data: [4095 bits]
[...]
Is here anything that I must worry about? Is this the normal behaviour,
or another know keyserver bug?
AFAIK, keyservers merge up everything and don't remove anything, and the
gpg man page states:
updpref Change the preferences of all user IDs (or just of the
selected ones to the current list of preferences. The
timestamp of all affected self-signatures will be advanced by
one second. [...]
So then, every time a userid preference list is updated, another selfsig
is added to the key copy on keyservers? (when uploading the key, of
course)
It's safe to delete others people's duplicated selfigs? (I have seen
some keys with more tha one selfsig, and I wondered at the time why).
And if so, how to determine what's the last one issued? (other than
using "gpg -v -v" on a keyring). It's always the first listed?
Not worried specially about it, just imagining the case of a key bloated
with a bunch of self-signatures... but in that case, it's better to
fetch it directly from their owner and not from the keyservers, I think.
--
Manuel Samper OpenPGP Key ID: FFFD5DA0