Duplicated self-signatures on keyservers
David Shaw
dshaw@jabberwocky.com
Sat May 17 16:35:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, May 17, 2003 at 03:22:22PM +0200, Manuel Samper wrote:
> On Sat, May 17, 2003 at 05:53 CEST, David Shaw wrote:
> > On Fri, May 16, 2003 at 11:49:33PM +0200, Manuel Samper wrote:
> > > Thinking about this (and that's where gpg come into play), if older
> > > versions of self-signatures are of no practical use, and may only bloat
> > > the public key, it should be stripped at download time by the
> > > "keyclient" (gpg in our case), although it are preserved in the
> > > keyserver for some reasons (you should known better).
> >
> > Yes, that is what happens now. GnuPG automatically strips an older
> > self signature if a newer valid self signature is already available.
>
> Not if you retrieve a new key (at least with gpg 1.2.1; perhaps it's
> different in 1.2.2):
Yes, that is correct. The signature check only happens when an
existing signature (and hence an existing key) is already in your
keyring.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+xkiS4mZch0nhy8kRArKuAJ0W7a+SdFGnESFi6u4IE7FQUf7JmwCg1o8P
ONsByR6XCYmSjXtdQkEfarU=
=hffT
-----END PGP SIGNATURE-----