[Sks-devel] Re: Key strangeness

David Shaw dshaw at jabberwocky.com
Sun Feb 8 21:44:18 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Feb 08, 2004 at 03:44:22PM -0500, gabriel rosenkoetter wrote:
> On Sun, Feb 08, 2004 at 03:00:14PM -0500, David Shaw wrote:
> > 1) The problem is not SKS specific, and pgp.mit.edu (a pks
> >    installation) shows the same thing.
> 
> Wouldn't that be the case if the key was propagated from an SKS
> installation to pgp.mit.edu?

Maybe.  It depends how the key is propagated.  Assuming my "normalized
key" theory is true (which has not been proven yet), then the question
becomes whether the key is propagated before or after the
normalization took place.  If before, then things make sense.  If
after, then my theory is likely shot, as a normalized key should have
appeared under the right keyid.

> > 2) Downloading the "bad" key, and then re-submitting it to the
> >    keyserver results in the correct record - i.e. the keyserver is
> >    able to parse the key properly the second time around.
> 
> Doesn't that suggest that the bug in CryptEx is in some internal
> "submit to keyserver" function?

Unlikely.  The original key had self-sigs issued by the wrong keyid.
This strongly suggests a wrong - but internally consistent - program.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iHAEARECADEFAkAm9AIqGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2Rhdmlk
L2tleXMuYXNjAAoJEOJmXIdJ4cvJP7AAmOWsKyNvMWpgiEEaO1JvR53d4IUAn1ln
lyzsuqOaSfR3jO6YFB3ktOST
=epyI
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list