key-keyserver problem?
David Shaw
dshaw@jabberwocky.com
Wed Jul 17 01:01:02 2002
On Tue, Jul 16, 2002 at 06:18:00PM -0400, Jason Harris wrote:
> On Tue, Jul 16, 2002 at 05:02:52PM -0400, David Shaw wrote:
> > On Tue, Jul 16, 2002 at 04:33:14PM -0400, Jason Harris wrote:
>
> > > Be aware that 0x401EDF13, being a subkey, isn't found by keyid from
> > > ldap://pgp.surfnet.nl:11370. You might want to put, at minimum, the
> > > primary keyid in your .sig or email headers. (Manually fetching the
> > > keyid reported in your PGP signature doesn't work.)
> >
> > This is not completely correct - the LDAP keyservers can searched by
> > (long) subkey IDs.
>
> That's good to know. (GPG typically reports the short keyid, so
> that's what I used (again, with a manual fetch).)
Yes. Since it only works with long keyids, GnuPG will do a regular
key fetch with a short keyid, and a key+subkey fetch with long keyids
or fingerprints. You can turn this behavior off with the
keyserver-option "no-include-subkeys" (a new feature in 1.2).
> > Alas, a LDAP keyserver bug prevents subkey searching from working with
> > v4 RSA keys, and it seems NAI isn't going to be fixing minor bugs. :(
>
> Also good to know (only referring to the bug, that is). Thanks.
It seems there is a whole group of minor bugs in different programs
surrounding v4 RSA. Virtually nobody got it right on the first try :(
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson