Trouble with keyservers
David Shaw
dshaw at jabberwocky.com
Mon Oct 22 13:53:00 CEST 2007
On Sun, Oct 21, 2007 at 09:45:56PM -0700, Doug Barton wrote:
> On Sun, 21 Oct 2007, David Shaw wrote:
>
> > Or to be more accurate, you DO have a key for encryption, but the
> > keyserver isn't storing it. This is a well-known keyserver bug with
> > the pksd keyserver software,
>
> Out of curiosity, what software are the subkeys.pgp.net servers running?
> I've had pretty good luck with that pool but I would hate to think I'm not
> getting the complete picture. (Not to mention if I ever decide to generate
> a key with subkeys ...)
subkeys.pgp.net is running a mix of sks and pksd. The history of pgp
keyservers is a little messy, but essentially subkeys.pgp.net means
"won't destroy your key with multiple subkeys" and not "stores the
complete key and all subkeys". The distinction is crucial. ;)
I suspect the reason this hasn't been a bigger problem is that most
people have only one subkey, so they never see this.
> > but many sites refuse to stop running it, despite this and other bugs.
> > If you use a keyserver running sks software, you'll be fine. I believe
> > that pool.sks-keyservers.net has only sks servers in its mix.
>
> Is there a way for us to tell that remotely?
One way is to add "--keyserver-options debug" to your command when you
hit a keyserver. GPG will print out some information, including a
line like:
Server: sks_www/1.0.10
Server: pks_www/0.9.6
sks is sks, and pks is pksd.
David
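
The check described above, as an added example that is not part of the original post: a shell filter that reads saved debug output and labels each Server: banner as sks or pksd. The function names and the sample input are constructed for illustration; only the two banner strings come from the post.

```shell
#!/bin/sh
# Classify keyserver software from "Server:" banner lines.
# Reads text on stdin and prints "<kind> <banner>" for each banner found,
# where kind is sks, pksd or unknown.
classify_keyservers() {
    # HTTP headers end in CRLF, so drop carriage returns first.
    tr -d '\r' | awk '
    {
        line = " " $0                 # pad so a header at column 1 has a left neighbour
        low = tolower(line)
        # Require a non-name character before "server:" so that a line
        # such as "Keyserver: host" is not mistaken for the banner.
        if (!match(low, /[^a-z0-9_-]server:/)) next
        banner = substr(line, RSTART + 8)
        sub(/^[ \t]+/, "", banner)
        sub(/[ \t]+$/, "", banner)
        lb = tolower(banner)
        if (lb ~ /^sks_www\//)      kind = "sks"
        else if (lb ~ /^pks_www\//) kind = "pksd"
        else                        kind = "unknown"
        print kind, banner
    }'
}

# Succeeds (exit 0) if any banner on stdin identifies pksd, the software
# the post says does not store every subkey.
pool_has_pksd() {
    classify_keyservers | grep -q '^pksd '
}

# Constructed sample input: the surrounding lines and host names are made up,
# the two sks_www/pks_www banners are the ones quoted in the post.
sample_debug_output() {
    printf '%s\n' 'Host: ks1.example.org'
    printf '%s\n' 'Server: sks_www/1.0.10'
    printf '%s\n' 'Keyserver: ks2.example.org'
    printf '< Server: pks_www/0.9.6\r\n'
    printf '%s\n' 'server: Apache'
}

sample_debug_output | classify_keyservers
```

Save the debug output from a real query to a file and pipe it through `classify_keyservers` in place of the sample function.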