List: pgp-keyserver-folk
Subject: Re: The subkey problem
From: "Stefan Kelm" <kelm () secorvo ! de>
Date: 2001-07-02 8:33:34
Folks,

we were discussing this issue quite a while ago. FYI, I'm
forwarding one of the mails that Hironobu San sent on that topic.
I don't think there have been updates to the pksd recently.

Cheers,
Stefan.
------- Forwarded message follows -------
From: Hironobu SUZUKI <hironobu@h2np.net>
To: pgp-keyserver-folk@flame.org
Subject: Re: pks not handling multiple subkeys?
Date sent: Sun, 28 Jan 2001 19:30:53 +0900
FYI.
This weekend, I tried to read the pksd source code and I realized this
problem is a bigger problem than I thought. This problem was not fixed
by a quick weekend hack.
This is a quick memo for my debugging. (I'm sorry that this memo is
written in strange English :-)
--hironobu
-----------------------------------------------------------
WHAT'S WRONG
-------------
1) OpenPGP allows multiple public subkeys.
2) In pksd, only one subkey is allowed and there is no data type for
a list of subkeys.
See kd_types.h
---
typedef struct _sigs_elem {      /* <== signature packets */
  ...
} sigs_elem;

typedef struct _userids_elem {   /* <== user id's packets */
  ...
} userids_elem;

typedef struct _keys_elem {
  xbuffer pubkey;
  xbuffer subkey;                /* <== ONLY ONE */
  xbuffer subkeysig;             /* <== ONLY ONE */
  ...
  llist userids;                 /* <== LIST */
  llist words;                   /* <== LIST */
} keys_elem;
----
3) When a subkey is found in a newly added key, the new subkey is appended
to keys_elem's subkey element. This causes many problems.
kd_search.c:315
---
    } else { /* subkey packet */
=>    if (!xbuffer_append(&(s->ke->subkey), packet->data, packet->size)) {
        s->err->fatal = 1;
        s->err->str = "Appending subkey to key failed";
        fail();
      }
---
WHAT'S HAPPENED
---------------
CASE 1:
If a new pubkey has multiple subkeys and is added to pksd, all public
subkeys are appended to the only-one xbuffer (s->ke->subkey). This xbuffer
(not a list) becomes meaningless data because the subkey area is assumed
to hold only one subkey.

CASE 2:
If the pubkey already exists in pksd, the newly submitted pubkey's subkeys
are ignored.

CASE 3:
If a pubkey with one subkey already exists in the pksd database and the
submitted pubkey's subkeys have any revoke signature(s), the revoke
signature is effective for the pubkey with one subkey which already
exists in the pksd database.
HOW TO FIX IT
-------------
NOT YET.
------- End of forwarded message -------
-------------------------------------------------------
Dipl.-Inform. Stefan Kelm
Security Consultant
Secorvo Security Consulting GmbH
Albert-Nestler-Strasse 9, D-76131 Karlsruhe
Tel. +49 721 6105-461, Fax +49 721 6105-455
E-Mail kelm@secorvo.de, http://www.secorvo.de
-------------------------------------------------------
PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
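
The memo above reports that keys_elem has a single subkey buffer and a single subkeysig buffer, so several subkeys run together and a revocation cannot be tied to one of them. As an added example (not code from pksd or from either author, and not a pksd fix), the sketch below keeps one list element per subkey with its own signature and revocation state. All type and function names are hypothetical, subkeys are matched by exact packet bytes as an assumption, and no signature is verified.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical types for illustration; these are not pksd's xbuffer/llist. */
typedef struct { unsigned char *data; size_t len; } buf;
typedef struct subkey_elem {
    buf key;                   /* exactly one subkey packet */
    buf sig;                   /* signature belonging to this subkey only */
    int revoked;
    struct subkey_elem *next;
} subkey_elem;
typedef struct { buf pubkey; subkey_elem *subkeys; size_t nsubkeys; } key_rec;

static int buf_set(buf *b, const void *p, size_t n) {
    unsigned char *d = malloc(n ? n : 1);
    if (!d) return 0;
    memcpy(d, p, n);
    free(b->data); b->data = d; b->len = n;
    return 1;
}
/* Look up a stored subkey by exact packet bytes (assumed identity rule). */
static subkey_elem *find_subkey(key_rec *k, const void *p, size_t n) {
    for (subkey_elem *s = k->subkeys; s; s = s->next)
        if (s->key.len == n && memcmp(s->key.data, p, n) == 0) return s;
    return NULL;
}
/* Merge: an unknown subkey gets its own element, a known one is reused. */
static subkey_elem *add_subkey(key_rec *k, const void *p, size_t n) {
    subkey_elem *s = find_subkey(k, p, n);
    if (s) return s;
    if (!(s = calloc(1, sizeof *s))) return NULL;
    if (!buf_set(&s->key, p, n)) { free(s); return NULL; }
    s->next = k->subkeys; k->subkeys = s; k->nsubkeys++;
    return s;
}
/* Record a revocation on the one subkey it was submitted with. */
static int revoke_subkey(key_rec *k, const void *p, size_t n,
                         const void *sig, size_t sn) {
    subkey_elem *s = find_subkey(k, p, n);
    if (!s || !buf_set(&s->sig, sig, sn)) return 0;
    return s->revoked = 1;
}
/* Constructed sample: two subkeys, a later upload revokes only "SUB-B". */
static int demo(void) {
    static key_rec k;                          /* zero-initialised record */
    add_subkey(&k, "SUB-A", 5); add_subkey(&k, "SUB-B", 5);
    add_subkey(&k, "SUB-A", 5);                /* re-upload, no duplicate */
    revoke_subkey(&k, "SUB-B", 5, "REVSIG", 6);
    return (int)k.nsubkeys * 10 + find_subkey(&k, "SUB-A", 5)->revoked * 2
           + find_subkey(&k, "SUB-B", 5)->revoked;   /* 2 subkeys, B only: 21 */
}
```

A revocation naming a subkey that is not stored is rejected rather than applied to whatever subkey the record happens to hold, which is the behaviour CASE 3 lacks.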