[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgp-keyserver-folk
Subject:    [Pgp-keyserver-folk] Re: vindex for SKS
From:       David Shaw <dshaw () jabberwocky ! com>
Date:       2003-03-22 20:56:48
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Mar 22, 2003 at 09:49:01PM +0100, Michael Nahrath wrote:

> The version from 
> <http://sks.dnsalias.net:11371/pks/lookup?op=get&search=0xD7D7517F9A4C704C>
> contains _two_ times the line
>    "hashed subpkt 25 len 2 (primary user ID)"
> once for the first, once for the second UID.
> 
> If I copy&paste 
> <http://sks.dnsalias.net:11371/pks/lookup?op=get&search=0xD7D7517F9A4C704C>
> into    $ gpg --import
> I get the message "gpg: key 9A4C704C: invalid subkey binding" and afterwards
> there is still only one "subpkt 25" in my local key.
> 
> I don't understand if this is a HKP problem or if it is a special problem
> with my key.

What you are seeing is a side-effect of how GnuPG handles multiple
self-signatures.  One of your user IDs has two self-signatures - one
with "primary" set, and a later one that does not set it.  GnuPG is
discarding the earlier signature as irrelevant.

GnuPG can (more) safely do that because it can check the signatures in
question and won't replace a valid signature with a later, but
invalid, signature.  SKS cannot check the signatures, and is returning
both.

It's arguable whether GnuPG should prune self-signatures this way, but
either way, SKS is doing the right thing.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+fM4Q4mZch0nhy8kRAviiAKCpr/DgRyzfwS7Q1RTOgJqNEjYznwCfVfDT
QnxWnCnGkZnQvl1pzuVq0r0=
=w5L7
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]