[Sks-devel] Can SKS cope with the same key (and same fingerprint) in two

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sks-devel] Can SKS cope with the same key (and same fingerprint) in two

From:	Daniel Kahn Gillmor
Subject:	[Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?
Date:	Fri, 15 May 2009 10:09:04 -0400
User-agent:	Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

hey SKS people--

Thinking about the way that the RFC is set up, it occurred to me that
any given asymmetric key could be placed in either subkey or primary key
position, and it would retain the same fingerprint.

So after a bit of playing around with data, i've managed to generate the
following weird pair of constructs:

> 0 address@hidden:~$ gpg --list-key --fingerprint --fingerprint
> /home/wt215/.gnupg/pubring.gpg
> ------------------------------
> pub   1024D/306863C2 2009-05-15
>       Key fingerprint = 486D 9E84 8F90 E4D7 80C7  461C CD5D 655D 3068 63C2
> uid                  Fakey McFake-Fake (DO NOT USE: A)
> sub   2048R/80FD2FAF 2009-05-15
>       Key fingerprint = 8E91 098C B184 1235 C52D  5D1B D6AB 52F2 80FD 2FAF
> 
> pub   2048R/80FD2FAF 2009-05-15
>       Key fingerprint = 8E91 098C B184 1235 C52D  5D1B D6AB 52F2 80FD 2FAF
> uid                  Fakey McFake-Fake (DO NOT USE: B)
> 
> 0 address@hidden:~$ 

In particular, the subkey of A is the same 2048-bit RSA key as the
primary key of B.  Note that the user IDs (and indeed, any of the
material that is expected to be found in the self-sig, like preferences,
usage flags, etc) are different between keys, even though the
fingerprints (and the key material itself) is identical.

This is some weirdness, to be sure.  And if it causes trouble for the
keyservers somehow that would be a Bad Thing.  I've avoided injecting
either key into the SKS network or this reason.

But i wanted to give a heads-up that this is possible.  It would even be
possible for 306863C2 to be a subkey of 80FD2FAF, with a bit more
manipulation.  Would SKS handle such a scenario well?  I only have a
weak understanding of the set reconciliation protocols described at
http://minskyprimus.net/sks/, and i haven't been able to find any
documentation about how SKS views the keyring as a set of length-b
bitstrings.

Has anyone tested this?  do you forsee any problems should such a pair
of keys be injected into the SKS pool?

        --dkg

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?, Daniel Kahn Gillmor <=
- Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?, David Shaw, 2009/05/15
  - Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?, Daniel Kahn Gillmor, 2009/05/22
    - Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?, David Shaw, 2009/05/22
    - Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?, Daniel Kahn Gillmor, 2009/05/22
    - Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?, David Shaw, 2009/05/22

Prev by Date: Re: [Sks-devel] Re: [PATCH] unqueue the tqueue database even when mailsync is empty
Next by Date: Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?
Previous by thread: [Sks-devel] Another SKS Keyserver
Next by thread: Re: [Sks-devel] Can SKS cope with the same key (and same fingerprint) in two different roles?
Index(es):
- Date
- Thread