Keyservers mangle with subkey binding sigs
Vlad "SATtva" Miller
sattva at pgpru.com
Sat Jan 19 14:38:50 CET 2008
Charly Avital wrote on 19.01.2008 18:26:
> Vlad "SATtva" Miller wrote the following on 1/19/08 6:01 AM:
> [...]
> | Here for example (in the bottom) you may see two subkeys with binding
> | signatures expired at 2007-12-31:
> |
> http://pool.sks-keyservers.net:11371/pks/lookup?search=0x8443620A&op=vindex
>
> So it is.
>
> | But if you look at the original copy you'll see that all regenerated
> | sigs are in place:
> | http://www.vladmiller.info/contacts/openpgp.txt
>
> After importing that keyblock:
[snip]
> [name]$ gpg --edit-key 8443620A
> gpg (GnuPG) 1.4.8; Copyright (C) 2007 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
>
> pub 4096R/8443620A created: 2006-12-21 expires: never usage: SC
> ~ trust: unknown validity: unknown
. vvvvvvvvvvvvvvvvvvv
> sub 2048R/070E0B73 created: 2006-12-21 expires: 2010-01-01 usage: S
> sub 2048R/7D57ED51 created: 2006-12-21 expires: 2010-01-01 usage: E
. ^^^^^^^^^^^^^^^^^^^
So here's an explicit distinction between what we got from a keyserver
and from the gpg output.
[snip]
> In my system now:
>
> I have not signed your key
And you should not.
--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 505 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20080119/a966d944/attachment.pgp>
More information about the Gnupg-users
mailing list