Question about fingerprints and keys uploaded to keyservers

gabriel rosenkoetter gr at eclipsed.net
Sat Feb 21 17:08:32 CET 2004 

On Sat, Feb 21, 2004 at 02:52:01PM -0500, David Shaw wrote:
> We did.  keyserver.net is, in fact, horribly broken in many ways (this
> particular problem is just the tip of the iceberg).  It's never worked
> properly.  I mailed them about fixing it a few years ago, but all the
> mail disappeared into a black hole, so I gave up.

That's wonderful, but Newton explicitly stated his key fingerprint
as:

  785F DFF3 7029 3FBD 45CE  747C 93CA E808 136F C036

and that he'd sent the key to subkeys.pgp.net (by implication, in
referencing that he'd sent it to the keyservers "in his signature")...
which has never heard of keyid 136FC036 (as in, the last 64 bits
of the fingerprint).

So, unless you're suggesting that something about subkeys.pgp.net is
also broken, there is something odd going on. Is synchronization
between the various subkeys DNS RR servers flaky right now?

I just tried again:

uriel:~% gpg --recv-key  136FC036
gpg: requesting key 136FC036 from subkeys.pgp.net
gpg: key 136FC036: public key "Newton Hammet (public key for Newton Hammet) <newton at hammet.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

I have a feeling that I may have just gotten lucky (since I did try
the recv-key several times before I responded the first time).

Newton, you're right about your fingerprint, and it is in subkeys
(somewhere). Did you send your key to subkeys between my two
messages, or had you done so previously?

> What happens here, if you're curious, is that the broken software on
> keyserver.net sees "V4 RSA" and calculates the fingerprint for "V3
> RSA".  That's why it's 32 bits short (and wrong).

I believe I said "32 bytes". I was wrong. David is right. (Of
course.)

> As always, the answer is subkeys.pgp.net.  It Just Works(tm).

In this case, it would appear to have Just Not Worked, at least for
a little while. :^>

-- 
gabriel rosenkoetter
gr at eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : /pipermail/attachments/20040221/370b42fe/attachment.bin

More information about the Gnupg-users mailing list