Keyservers mangle with subkey binding sigs
Charly Avital
shavital at mac.com
Sat Jan 19 18:31:44 CET 2008
Vlad "SATtva" Miller wrote the following on 1/19/08 8:38 AM:
[...]
>
> So here's an explicit distinction between what we got from a keyserver
> and from the gpg output.
As far as I am concerned, that's what I got from the keyserver I used,
yes.
I believe <steffenjan at web.de> posted that:
"I'm not too deep into subkeys, but I just downloaded your key
0x8443620A from a keyserver and it had tow subkeys 0x070E0B73 and
0x7D57ED51 both valid till 1.1.2010.
But the self-signs on all the different Sub-IDs are expired on 5.1.2008.
All this didn't change when I imported the key from www.vladmiller.info
So my hint is to sign all the IDs too."
> [snip]
>> In my system now:
>>
>> I have not signed your key
>
> And you should not.
Thank you for telling me what I should not, I know the protocol.
There is such a thing named 'local sign', that makes a local signature
non-exportable, not that I intend to upload your key, that just isn't done.
As I indicated in my complete post, I signed (local signature) just in
order to find out whether it would make the interrogation point on your
*second* "photo" go away, which it didn't, not unexpectedly.
Best regards,
Charly
More information about the Gnupg-users
mailing list