[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] multiple subkey binding
From: |
David Shaw |
Subject: |
Re: [Sks-devel] multiple subkey binding |
Date: |
Wed, 3 Dec 2003 10:14:07 -0500 |
User-agent: |
Mutt/1.5.5i |
On Wed, Dec 03, 2003 at 07:28:58AM -0500, Yaron M. Minsky wrote:
> Nope. Cleaning fixes various problems, but the multiple subkey problem
> can only be fixed with cryptographic support, which SKS doesn't have.
> (It is possible that a good-enough fix could be achived without
> cryptographic support, but I haven't looked into it in detail.)
The corruption is pretty predictable. You end up with keys like this:
primary
uid
subkey A
subkey sig A
subkey B
subkey sig B
subkey sig A
Basically, you need to check if any of the subkeys have identical
binding signatures to any of the other subkeys, and remove the LAST
one.
> Functionally, though, the only problem of including the bogus packets is
> an increase in size and the annoying messages you saw. So it's not a
> huge win to include that key-fixing.
Yes, especially since it is not guaranteed to guess right. :)
GnuPG 1.2.3 doesn't give that warning any more since it is so common
to have mangled keys from keyservers...
David
- [Sks-devel] multiple subkey binding, Peter Palfrader, 2003/12/02
- Re: [Sks-devel] multiple subkey binding, David Shaw, 2003/12/03
- Re: [Sks-devel] multiple subkey binding, Jason Harris, 2003/12/03
- Re: [Sks-devel] multiple subkey binding, David Shaw, 2003/12/03
- Re: [Sks-devel] multiple subkey binding, Jason Harris, 2003/12/03
- Re: [Sks-devel] multiple subkey binding, David Shaw, 2003/12/03
- Re: [Sks-devel] multiple subkey binding, Jason Harris, 2003/12/03
- Re: [Sks-devel] multiple subkey binding, David Shaw, 2003/12/03
- Re: [Sks-devel] multiple subkey binding, Werner Koch, 2003/12/04