[Enigmail] Popescu and keys

Ben McGinnes ben at adversary.org
Thu May 21 23:58:33 CEST 2015


On 22/05/2015 5:37 am, Werner Koch wrote:
> 
> These are all encryption subkeys.  The third key is the one from
> H. Peter Anvin.  I have not found one of the fingerprints given in the
> said blog posting: gpg removed it while importing the key.  It is a bit
> disturbing that the other subkey listed above has a good key binding
> signature.
> 
> I got distracted for some time and a few weeks later the PGP team at
> Symantec reported back that these are all duplicated subkeys where the
> other subkey had no small factors.  Their thesis is that this happened
> due to memory corruption while merging a key.  They planned to
> investigate that further using the PGP SDK but, like me, the case was
> more or less forgotton.

Is it possible that a keyserver running the old, buggy PKS code
(v. 0.9.something) mangled these keys?


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150522/8c0fa8d4/attachment.sig>


More information about the Gnupg-users mailing list