Automatic resyncing of keys?
Florian Weimer
Weimer@CERT.Uni-Stuttgart.DE
Sun May 5 11:22:02 2002
David Shaw <dshaw@jabberwocky.com> writes:
>> Key IDs can collide (especially 32 bit ones). :-/
>
> That's not a bug. That's inherent in the design of the keyservers.
> If a program asks for "X" and two keys have key ID "X", then you get
> them both. Nothing can be done about that. Of course, you won't have
> any trust in the other key.

Yes, of course, but I don't think it's desirable that --refresh-keys
imports new keys. GnuPG can do nothing about receiving these
additional keys, but the correct approach would be to discard the
unwanted ones.

> GnuPG will use the maximum key ID size it can. If you are using
> --refresh with a LDAP keyserver, it uses the 64-bit key ID which makes
> this sort of thing much less likely. Of course, there is only one
> LDAP keyserver left for public use.

It's not too hard to make colliding 64 bit IDs for V3 keys.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
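
Added example, not part of the original message and not GnuPG's code: a sketch of the refresh behaviour argued for above, where keys returned for a key ID are kept only if their full fingerprint is already in the local keyring. The function names are hypothetical, the V3 key ID and fingerprint rules follow RFC 4880 section 12.2, and the two moduli are constructed integers that share their low 64 bits, not real RSA keys.

```python
import hashlib

def mpi_body(value):
    """Big-endian bytes of an integer, without the 2-byte MPI length prefix."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def v3_key_id(n):
    """V3 key ID: the low 64 bits of the RSA public modulus."""
    return f"{n & 0xFFFFFFFFFFFFFFFF:016X}"

def v3_fingerprint(n, e):
    """V3 fingerprint: MD5 over the bodies of modulus n, then exponent e."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()

def describe(n, e):
    """Summarise a key the way a keyserver answer would be indexed."""
    return {"keyid": v3_key_id(n), "fpr": v3_fingerprint(n, e)}

def filter_refresh(keyring_fprs, response):
    """Split a keyserver answer into keys to merge and keys to discard.

    Only keys whose full fingerprint is already in the keyring are merged;
    anything else that merely shares the requested key ID is dropped.
    """
    keep = [k for k in response if k["fpr"] in keyring_fprs]
    drop = [k for k in response if k["fpr"] not in keyring_fprs]
    return keep, drop

# Constructed sample values (not real keys): same low 64 bits, different moduli.
E = 65537
LOCAL_N = (0xA5 << 504) | 0x0123456789ABCDEF
OTHER_N = (0x5A << 504) | 0x0123456789ABCDEF

LOCAL_KEY = describe(LOCAL_N, E)   # key already in the keyring
OTHER_KEY = describe(OTHER_N, E)   # unrelated key with the same key ID

def simulate_refresh():
    """Refresh LOCAL_KEY by key ID; the keyserver answers with both keys."""
    keyring = {LOCAL_KEY["fpr"]}
    response = [k for k in (OTHER_KEY, LOCAL_KEY)
                if k["keyid"] == LOCAL_KEY["keyid"]]
    return filter_refresh(keyring, response)

if __name__ == "__main__":
    kept, dropped = simulate_refresh()
    print("merged:   ", [k["fpr"] for k in kept])
    print("discarded:", [k["fpr"] for k in dropped])
```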