Signature packets without (whatever)
David Shaw
dshaw at jabberwocky.com
Tue Oct 25 23:56:05 CEST 2005
On Tue, Oct 25, 2005 at 11:49:12AM -0700, Doug Barton wrote:
> > I got this when I retrieved the PGP GD key via hkp.
> > REmoving this key from my keyring was enough to suppress those
> > messages.
>
> I had a similar problem with the version of the key that I received from
> hkp. I downloaded the key from http://keyserver.pgp.com/ and imported it by
> hand, and didn't have these problems any more.
Yes. The PGP GD key that's on the HKP network is riddled with
garbage. Getting it from ldap://keyserver.pgp.com (or manually via
HTTP as you did) is the right thing to do.
It actually revealing interesting key use data: the copy on
keyserver.pgp.com is the "real" copy, with only the signatures that
the PGP company put there. The copy on the HKP net has a few hundred
other signatures... some, no doubt, in error. You could probably
regard most of the difference between the two sets as people who
didn't use local signatures, but should have. Judging by the number
of signature revocations attached to that key, some people did realize
their error, but too late.
David
More information about the Gnupg-users
mailing list