Keyservers mangle with subkey binding sigs

Vlad "SATtva" Miller sattva at pgpru.com
Sat Jan 19 13:08:30 CET 2008


Simon Josefsson wrote on 19.01.2008 17:15:
> "Vlad \"SATtva\" Miller" <sattva at pgpru.com> writes:
[snip]
>> If I understand this correctly and am not missing something terribly here,
>> keyservers just looked at the newly uploaded key, thought "huh? I already
>> have that subkey in place, and this 0x18 sig too!", and discarded it
>> without going to much trouble analyzing any binding sigs'
>> timestamps (maybe marking them as duplicates).
>>
>> Could anyone confirm this behavior?
> 
> I had similar problems with many key servers, until I switched to
> subkeys.pgp.net which is (if I understand correctly) documented to only
> point to key servers with full subkey support.

subkeys.pgp.net is the first server I send keys to. However, as you can
see, its subkeys support isn't enough:
http://subkeys.pgp.net:11371/pks/lookup?search=0x8443620A&op=vindex

sub  2048R/070E0B73 2006-12-21
sig sbind  8443620A 2006-12-21 __________ 2007-12-31 []        <<<<
    Policy URL: http://www.vladmiller.info/services/cert.html

sub  2048R/7D57ED51 2006-12-21
sig sbind  8443620A 2006-12-21 __________ 2007-12-31 []        <<<<
    Policy URL: http://www.vladmiller.info/services/cert.html

And it's not just an output bug. If you import that key it'll end up
like this:

gpg: NOTE: signature key 070E0B73 expired Tue 01 Jan 2008 03:26:21 NOVT
pub   4096R/8443620A 2006-12-21
uid                  Vladislav V. Miller (aka SATtva)
uid                  Vladislav V. Miller (aka SATtva) <@>
uid                  Vladislav V. Miller (aka SATtva) <@>
uid                  SATtva (openPGP in Russia project admin) <@>
uid                  Vlad Miller (for private contacts only) <@>
uid                  [jpeg image of size 7403]
sub   2048R/070E0B73 2006-12-21 [expired: 2007-12-31]          <<<<
sub   2048R/7D57ED51 2006-12-21 [expired: 2007-12-31]          <<<<

> /Simon
> 
> 


-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
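
The merge behaviour suspected in the quoted text above, modelled as an added example (not part of the original message and not code from any keyserver). The subkey ID, issuer and 2006/2007 dates come from the listing; the re-issued signature's dates, the class and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class BindingSig:
    subkey: str                  # subkey ID the signature binds
    issuer: str                  # primary key that issued it
    sig_type: int                # 0x18 = subkey binding signature
    created: date                # signature creation time
    key_expires: Optional[date]  # subkey expiration carried by this signature

def merge_naive(stored, uploaded):
    """Suspected behaviour: one sig per (subkey, issuer, type); timestamps ignored."""
    seen = {(s.subkey, s.issuer, s.sig_type) for s in stored}
    merged = list(stored)
    for s in uploaded:
        key = (s.subkey, s.issuer, s.sig_type)
        if key not in seen:
            seen.add(key)
            merged.append(s)
    return merged

def merge_full(stored, uploaded):
    """Duplicate only if every field matches (stand-in for comparing whole packets)."""
    merged = list(stored)
    for s in uploaded:
        if s not in merged:
            merged.append(s)
    return merged

def effective_expiry(sigs, subkey):
    """Expiration from the newest binding sig (assumes the client prefers the most recent)."""
    newest = max((s for s in sigs if s.subkey == subkey), key=lambda s: s.created)
    return newest.key_expires

def is_expired(sigs, subkey, today):
    exp = effective_expiry(sigs, subkey)
    return exp is not None and exp <= today

# OLD mirrors the listing above; NEW's dates are constructed for the example.
OLD = BindingSig("070E0B73", "8443620A", 0x18, date(2006, 12, 21), date(2007, 12, 31))
NEW = BindingSig("070E0B73", "8443620A", 0x18, date(2007, 12, 30), date(2008, 12, 31))
TODAY = date(2008, 1, 19)

if __name__ == "__main__":
    for merge in (merge_naive, merge_full):
        sigs = merge([OLD], [NEW])
        print(merge.__name__, len(sigs), "sig(s), expired:", is_expired(sigs, "070E0B73", TODAY))
```

With the naive merge the stored 0x18 signature shadows the re-issued one, so anyone fetching the key still sees the old expiration; comparing whole signatures keeps both and lets the client pick the newer binding.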

