[Sks-devel] Re: keyids in signatures getting corrupted, GPG and/or Debian problem?
David Shaw
dshaw at jabberwocky.com
Fri Apr 2 00:20:24 CEST 2004
On Thu, Apr 01, 2004 at 04:56:34PM -0500, Jason Harris wrote:
> On Thu, Apr 01, 2004 at 03:34:26PM -0500, David Shaw wrote:
> > On Thu, Apr 01, 2004 at 02:32:14PM -0500, Jason Harris wrote:
> > > > All of that said, I'm not too worried about this. It's annoying, but
> > > > ultimately harmless. The corrupt sig will not validate (though the
> > > > sig itself is actually good, the bad issuer means the key that issued
> > > > it will never be found), so it will be ignored.
> > >
> > > Except where the issuer is irrelevant.
> >
> > I'm afraid I don't follow that comment. The issuer is always
> > relevant, as it is used to find the key that issued the signature.
>
> As the GPG output in my last message demonstrates, GPG disregards
> the issuer in subkey binding signatures. While the RFC specifies
> the issuer be included in subkey binding signatures, it also only
> allows for the parent pubkey to issue such signatures. Therefore,
> the issuer of subkey signatures is currently irrelevant, a priori.
There are optimizations done, and there is general good practice.
Don't rely on this. You'll hurt yourself.
David
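
Added example, not part of the original message and not GnuPG's code: a strict check that a v4 subkey binding signature (type 0x18) carries an issuer subpacket (type 16) naming the primary key, so a corrupted issuer is flagged rather than silently skipped. It assumes the RFC 4880 v4 layout with the packet header already stripped; the key IDs, timestamp and `make_sig` helper are constructed for the illustration.

```python
SUBKEY_BINDING = 0x18   # signature type: subkey binding
ISSUER = 16             # subpacket type carrying the 8-octet issuer key ID

def subpackets(area):
    """Yield (type, data) for each subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                                  # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 1 < len(area):          # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 4 < len(area):         # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + length]     # mask the critical bit
        i += length

def issuer_of(sig_body):
    """Return (signature type, issuer key ID or None) for a v4 signature body."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("only v4 signatures are handled here")
    found, pos = None, 4
    for _ in range(2):                       # hashed area, then unhashed area
        n = int.from_bytes(sig_body[pos:pos + 2], "big")
        area = sig_body[pos + 2:pos + 2 + n]
        if len(sig_body) < pos + 2 + n:
            raise ValueError("truncated subpacket area")
        for kind, data in subpackets(area):
            if kind == ISSUER and len(data) == 8 and found is None:
                found = data.hex().upper()
        pos += 2 + n
    return sig_body[1], found

def binding_issuer_ok(sig_body, primary_keyid):
    """True only if a subkey binding signature names the primary key as issuer."""
    sig_type, issuer = issuer_of(sig_body)
    return sig_type == SUBKEY_BINDING and issuer == primary_keyid.upper()

def make_sig(keyid_hex):
    """Constructed sample: v4 0x18 body, issuer in the unhashed area, no MPIs."""
    hashed = bytes([5, 2]) + (1080771624).to_bytes(4, "big")   # creation time
    unhashed = bytes([9, ISSUER]) + bytes.fromhex(keyid_hex)
    return (bytes([4, SUBKEY_BINDING, 17, 2]) + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + b"\x00\x00")
```
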