Duplicated self-signatures on keyservers

Jason Harris jharris@widomaker.com
Fri May 16 20:12:02 2003


--AH+kv8CCoFf6qPuz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, May 16, 2003 at 02:31:57PM +0200, Manuel Samper wrote:

> I recently created a keypair (fffd5da0), and sent it to public
> keyservers.  Later, I modified the preferences on their user ids (gpg
> --edit-key, setpref and updpref), and sent it again to keyserves.  Now,
> when I search my key, I see now two self-signatures:=20
> http://keyserver.kjsl.com:11371/pks/lookup?op=3Dvindex&search=3D0xfffd5da0

keyserver.kjsl.com and newer pks keyservers (I think my keyserver list
is current enough to show them all, see my website), as well as the LDAP
and SKS (http://sks.sf.net/), and perhaps OKS (keyserver.net), keyservers
store all versions of all signatures.

> AFAIK, keyservers merge up everything and don't remove anything, and the

Older pks keyservers keep only the most recent signature.

> Not worried specially about it, just imagining the case of a key bloated
> with a bunch of self-signatures...  but in that case, it's better to
> fetch it directly from their owner and not from the keyservers, I think.

Use the older pks servers then, until you find a key with a bad selfsig
and want to see what other selfsigs are available on the keyservers that
keep all signatures.

--=20
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://jharris.cjb.net/

--AH+kv8CCoFf6qPuz
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+xSnNSypIl9OdoOMRAohdAKDXDnAaJGvAyVpcFVuUv8HV6CYI3wCgstBc
46uDoLj24QNMuSBTYPfoNww=
=sUK1
-----END PGP SIGNATURE-----

--AH+kv8CCoFf6qPuz--