Keyserver mangling (was: Rare condition incompatibility of public key)

David Shaw dshaw at jabberwocky.com
Tue Dec 2 22:28:54 CET 2008


On Tue, Dec 02, 2008 at 02:51:43PM -0500, Avi wrote:
> It may remove it from the copy sent, but it won't remove it from
> copy stored on keyservers. Goodness knows I've tried to clean my
> key a bunch of times, but evidence of my uber-n00bness vis-a-vis
> the PGP Global Directory remains to haunt me in perpetuity :D

Yes, this is a headache in the common keyserver design.  It is just an
aesthetic problem, really, but when you have old code like 6.5.8 that
doesn't handle keys properly, then the aesthetic problem becomes an
operational problem.

The funny thing about the Global Directory is that it solves the
problem on the one hand (as it only puts into the keyserver what you
send it, and thus you can delete any old signatures you like), but
makes the problem worse on the other (as it adds its own signatures
periodically).

A nice way to handle this is to use the "preferred keyserver"
functionality in GnuPG to tag your key with the place you like to
store it.  This doesn't deal with the initial problem of locating a
key, but once located, it will make sure that your key is refreshed
from a place that you choose.

David


