Global Directory signatures (was Re: GPG wants to check trustdb every day)

Jason Harris jharris at widomaker.com
Thu Dec 30 18:51:08 CET 2004


On Thu, Dec 30, 2004 at 12:19:45AM -0500, David Shaw wrote:
> On Wed, Dec 29, 2004 at 11:35:12PM -0500, Jason Harris wrote:

> > Good luck.  Each person who signed 0xCA57AD7C and uploaded their
> > signature for others to use:

> > probably disagrees, unless keyserver.pgp.com is now secretly
> > infiltrating its keys into the regular public keyserver network.
> 
> I'm not sure what connection this comment has with the discussion.

> As I said, unless someone is bridging keys intentionally, then the
> GnuPG filter should handle it reasonably well.  (Only "reasonably"
> well because of the overlap in signature dates).

People are "bridging keys[erver networks]."  They have to be downloading
their signed key from the pgp.com keyserver, verifying the signature from
0xCA57AD7C, signing 0xCA57AD7C, and uploading it with their reciprocal
signature to a synchronized keyserver.  (OK, they could be skipping the
first two steps...  :)

http://keyserver.kjsl.com/~jharris/ka/current/CA/CA57AD7C shows 163
signatures to and 120 signatures from 0xCA57AD7C by 2004-12-26. The
report for 2004-12-12 lists 36 signatures to and from 0xCA57AD7C.
All of these keys signed by 0xCA57AD7C made their way from the pgp.com
keyserver to the regular keyservers.  Assuming all signatures from
0xCA57AD7C expire in 14 days, any keys appearing in both reports were
uploaded twice.  OK, 0xF7447263 is the only key common to these two
reports.

NB:  Pulling 0xF7447263 from keyserver.pgp.com just now didn't add a
new sig. by 0xCA57AD7C, so it looks like the 8 day bug/feature is gone.

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 309 bytes
Desc: not available
Url : /pipermail/attachments/20041230/e045349d/attachment.bin


More information about the Gnupg-users mailing list