[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: keyring.debian.org broken?

On Tue, 2003-01-14 at 15:52, John Goerzen wrote:

> So, I have two questions:
> 1. Did keyring.debian.org register my key update?


> 2. Why does the recv-keys not work from keyring.debian.org?

Currently, almost all pksd keyservers are broken for keys with more than
one subkey. What happens is along the lines of:

Original key = 
    ... userids and signatures ...
    binding signature
    binding sig

gets converted to
    binding sig of the first subkey

Which means that the first subkey must not be used now because it could
be faked. The other subkey cannot be imported by older gpg (and probably
all pgp) versions (starting with 1.2.? there's a workaround that will
repair the key so that at least one subkey can be used).

keyserver.kjsl.com and a few others have been fixed. The patch will
hopefully go into pksd 0.9.6, but I can't tell you when that might
happen (JHarris is the relevant person here).

-- vbi

Yevtushenko has... an ego that can crack crystal at a distance of twenty feet.
		-- John Cheever

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: