David Shaw on Thu, 27 Feb 2003 18:21:05 -0500



Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Thu, Feb 27, 2003 at 04:05:37PM -0500, Jeff Abrahamson wrote:
> On Thu, Feb 27, 2003 at 03:40:17PM -0500, Eugene Smiley wrote:
> > 
> > Gabe wrote:
> > > On Thu, Feb 27, 2003 at 02:21:43PM -0500, Jeff Abrahamson wrote:
> > >> This advice *sounds* good, but is bothersome in its own way
> > >> because Mutt says
> > >>
> > >>   gpg: Signature made Thu 27 Feb 2003 01:12:16 PM EST using DSA key ID 49E1CBC9
> > >>   gpg: Can't check signature: public key not found
> > >>
> > >> Moreover,
> > >>
> > >> jeff@asterix:Mutt $ gpg --list-sigs |grep  49E1CBC9
> > >> jeff@asterix:Mutt $ gpg --list-sigs |grep  -i shaw
> > >> sig 2   P   99242560 2002-11-09   David M. Shaw <dshaw@jabberwocky.com>
> > >> [...]
> > >> jeff@asterix:Mutt $ gpg --recv-keys 49E1CBC9
> > >> gpg: no valid OpenPGP data found.
> > >> gpg: Total number processed: 0
> > >> jeff@asterix:Mutt $
> > >
> > > What keyservers have you tried?
> > 
> > This won't matter... This is the subkeyID for the signing key. The keyservers
> > don't handle multiple subkeys properly... He's posted it to
> > http://www.jabberwocky.com/key.asc.
> 
> That key has id 99242560. 
> 
> I do suspect, however, that the email came from the real David Shaw.
> But among plug gpg'ers, I couldn't let a secret other key id go
> without mention.

It's me ;)

I'm using a signing subkey, so the "key" is 99242560, even though I
signed with subkey 49E1CBC9.  If you grab the copy of my key posted at
http://www.jabberwocky.com/key.asc you'll see your signature on it,
and the new subkey as well.

Signing subkeys are a great thing for key management since they allow
people to segment their key and keep the most secret part completely
offline, but they're not fully supported yet in all software.  GnuPG
has supported them for a while, but PGP just got support in 8.0.
Unfortunately, the pksd keyservers can't handle them at all, and will
mangle the key if you try.  The LDAP keyservers are ok, as well as the
SKS keyservers.

David

Attachment: pgpyX5PCbRsYe.pgp
Description: PGP signature
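
Added example, not part of the original message and not GnuPG's own code: a small shell function that resolves the key ID reported on a signature to the primary key that owns it, which is the mapping that makes 49E1CBC9 and 99242560 the same key. It reads the colon-delimited layout of `gpg --with-colons --list-keys`; the listing below is constructed, and only the two short key IDs and the user ID are taken from the thread.

```shell
#!/bin/sh
# Constructed sample in the layout of `gpg --with-colons --list-keys`.
# Field 1 = record type, field 5 = key ID, field 12 = capabilities.
# Only 99242560, 49E1CBC9 and the user ID come from the thread; the zero
# padding, timestamps, the AAAAAAAA subkey and the capability letters are
# made up for illustration.
sample_listing() {
cat <<'EOF'
pub:-:1024:17:0000000099242560:1000000000:::-:::scESC:
uid:-::::1000000000::::David M. Shaw <dshaw@jabberwocky.com>:
sub:-:2048:16:00000000AAAAAAAA:1000000000::::::e:
sub:-:1024:17:0000000049E1CBC9:1000000001::::::s:
EOF
}

# resolve_keyid ID
#   Reads a colon listing on stdin and prints
#   "<primary key id> <primary|subkey> <capabilities>" for the key whose
#   ID ends in ID (short or long form). Exits 1 if no key matches, which
#   is the "public key not found" case from the quoted Mutt output.
resolve_keyid() {
    awk -F: -v want="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        # Compare only the trailing characters so short IDs match long ones.
        function tail(id) { return substr(id, length(id) - length(want) + 1) }

        # Every sub record belongs to the most recent pub record.
        $1 == "pub" { primary = $5 }

        ($1 == "pub" || $1 == "sub") && tail($5) == want {
            role = ($1 == "pub") ? "primary" : "subkey"
            print primary, role, $12
            found = 1
        }

        END { exit !found }
    '
}

# The ID Mutt reported resolves to the primary key 99242560.
sample_listing | resolve_keyid 49E1CBC9
```

Against a real keyring, replace `sample_listing` with `gpg --with-colons --list-keys`; a subkey whose capability field lacks `s` cannot have made the signature.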