Using the "clean" function (and the "PGP Global Directory")

Dan Mahoney, System Admin danm at prime.gushi.org
Wed Jun 23 06:03:02 CEST 2010


On Tue, 22 Jun 2010, Dan Mahoney, System Admin wrote:

> On Tue, 22 Jun 2010, David Shaw wrote:
>
>> On Jun 22, 2010, at 11:02 PM, Dan Mahoney, System Admin wrote:
>> 
>>> It seems there are two interesting problems which inter-relate.
>>> 
>>> The first is PGP corporation's "global directory", which seems to operate 
>>> orthogonally from every other keyserver I've seen.  It's HTTP-only, not 
>>> queryable by any of the open-source clients (in fact, it doesn't support 
>>> wildcard searches at all, and returns a captcha before delivering 
>>> results), and not SUBMITTABLE to from any of the open source clients.
>> 
>> Not exactly.  The GD speaks LDAP, so you can set your keyserver to 
>> ldap://keyserver.pgp.com and you can query and submit, etc.
>
> Interesting, I didn't see mention of that.  I must try this (assuming I've 
> built with LDAP support, that is, which under BSD is a bit obtuse).
>
>> 
>>> It's also the ONLY keyserver I've seen that supports photo IDs, and 
>>> actually uses the web interface to show you the person.
>> 
>> The SKS servers (i.e. pretty much everything that isn't the GD) do support 
>> photo IDs, but they do not use the web interface to show you the photo.
>
> That was what I meant to imply, perhaps I was unclear.
>
>> Are you sure about that?  "clean" strips off useless signatures (useless 
>> being defined as an invalid signature, a superseded signature, a revoked 
>> signature, and a signature from a key that isn't present on the keyring). 
>> Signatures from keys that are present, but have no trust value are not 
>> stripped off.
>
> Let me double check.  I saw it earlier today when transferring my work sig to 
> my personal one.  But it might just have been that my coworkers did not have 
> sigs present.  It's entirely possible I mangled the windows.

Yup, that's what happened.  I had imported my work key to my personal 
machine, but didn't have the keys of all my coworkers on my personal box, 
so "clean" decided to be helpful.

I pulled it off the keyserver again, and then pulled down the keys of all 
my coworkers, and was good.

On a related subject, is there a way to say "pull down the keys of all 
keyids who have signed key X"?

-Dan

-- 

"Long live little fat girls!"

-Recent Taco Bell Ad Slogan, Literally Translated.  (Viva Gorditas)

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
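
The workaround described in this message (fetch the signers' keys first, so that "clean" finds them on the keyring and keeps their signatures) can be scripted from GnuPG's colon-delimited listing. This is an added example, not part of the original post; the function names and key IDs are constructed, and it assumes a keyserver is already configured for `--recv-keys`.

```shell
#!/bin/sh
# Added example. Key IDs below are constructed, not real keys.

# Print each distinct signer key ID found in `gpg --with-colons --list-sigs`
# output read from stdin, skipping the listed key's own self-signatures.
# Colon format: field 1 is the record type, field 5 the 64-bit key ID.
signer_keyids() {
    awk -F: '
        $1 == "pub" { own[$5] = 1 }                     # the key being listed
        ($1 == "sig" || $1 == "rev") && $5 != "" && !($5 in seen) {
            seen[$5] = 1; order[++n] = $5               # keep first-seen order
        }
        END { for (i = 1; i <= n; i++) if (!(order[i] in own)) print order[i] }
    '
}

# Constructed listing: one self-signature, two third-party signers (one of
# them appearing twice and absent from the keyring), and a subkey binding.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:AAAAAAAAAAAAAAAA:1277000000:::u:::scESC:
uid:u::::1277000000::0123ABCD::Example User <user@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1277000000::::Example User <user@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1277100000::::[User ID not found]:10x:
sig:::1:CCCCCCCCCCCCCCCC:1277200000::::Coworker <coworker@example.org>:10x:
sig:::1:BBBBBBBBBBBBBBBB:1277300000::::[User ID not found]:10x:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1277000000::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1277000000::::Example User <user@example.org>:18x:
EOF
}

# Fetch every signer of key "$1" from the configured keyserver, so that a
# later "clean" finds the signing keys present on the keyring.
fetch_signers() {
    ids=$(gpg --with-colons --list-sigs "$1" | signer_keyids)
    if [ -n "$ids" ]; then
        # shellcheck disable=SC2086  # word splitting into separate IDs is intended
        gpg --recv-keys $ids
    fi
}

# Offline demonstration on the constructed listing.
sample_listing | signer_keyids
```

Fetching a key by ID from a keyserver does not establish who owns it; check fingerprints before assigning trust to anything retrieved this way.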



