keyring.debian.org & pgp.net

To: bod@debian.org, debian-devel@lists.debian.org
Subject: keyring.debian.org & pgp.net
From: John Goerzen <jgoerzen@complete.org>
Date: Fri, 29 Jun 2001 12:10:53 -0500
Message-id: <[🔎] 87ithfyzxe.fsf@complete.org>

Hi,

I discovered this week that the pgp.net keyservers have a serious bug
wherein they will horribly mangle the encryption key of any person
whose key has multiple subkeys on it.  Mine is such a key.
Conversation with the pgp.net folks indicates that this bug has been
known since 1999 but not fixed (!)  Worse, it is extremely difficult
to get the key back to a usable state after it has been so corrupted.

keyring.debian.org does not have this problem and accepts keys with
multiple subkeys without difficulty.  However, it sends these keys to
pgp.net.  The result: it can be an unwitting accomplice in corrupting
people's records on pgp.net.  My record appears to have been at least
somewhat repaired on pgp.net but I am concerned that
keyring.debian.org might corrupt it again.

I would highly encourage us to stop sending keys there and instead
send them to keyserver.net or keys.pgp.com.

-- John

-- 
John Goerzen <jgoerzen@complete.org>                       www.complete.org
Sr. Software Developer, Progeny Linux Systems, Inc.         www.progeny.com
#include <std_disclaimer.h>                          <jgoerzen@progeny.com>

Reply to:

Follow-Ups:
- Re: keyring.debian.org & pgp.net
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: Policy proposal: Cpu extension code, update-ldsoconf
Next by Date: Re: harden distribution
Previous by thread: Re: /var/samba -> /var/state/samba script
Next by thread: Re: keyring.debian.org & pgp.net
Index(es):
- Date
- Thread