[Enigmail] Popescu and keys
Ben McGinnes
ben at adversary.org
Thu May 21 23:58:33 CEST 2015
On 22/05/2015 5:37 am, Werner Koch wrote:
>
> These are all encryption subkeys. The third key is the one from
> H. Peter Anvin. I have not found one of the fingerprints given in the
> said blog posting: gpg removed it while importing the key. It is a bit
> disturbing that the other subkey listed above has a good key binding
> signature.
>
> I got distracted for some time and a few weeks later the PGP team at
> Symantec reported back that these are all duplicated subkeys where the
> other subkey had no small factors. Their thesis is that this happened
> due to memory corruption while merging a key. They planned to
> investigate that further using the PGP SDK but, like me, the case was
> more or less forgotton.
Is it possible that a keyserver running the old, buggy PKS code
(v. 0.9.something) mangled these keys?
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150522/8c0fa8d4/attachment.sig>
More information about the Gnupg-users
mailing list