Re: [Sks-devel] Short ID Collision

[John Clizbe]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256

Dan McGee wrote:
> > On Thu, Dec 29, 2011 at 2:18 AM, John Clizbe <address@hidden> wrote:
>> >> Jerry wrote:
>>> >>>
>>> >>> It would seem, and this is strictly my own opinion, that if the "old
>>> >>> pksd" servers are dead then there is no logical reason to continue to
>>> >>> support them. Just my 2¢.
>> >>
>> >> If only all software support decisions were that cut and dried. Oh well...
>> >>
>> >> David Shaw committed patches to the 1.4, 2.0, & 2.1 branches of GnuPG
yesterday
>> >> afternoon (28-Dec). The change will be in the next release of each branch.
> >
> > Just discovered keyservers are still totally crappy on this front.
> > Check this out when using a subkey ID to try to fetch a key; the
> > following is a request produced by GPGME gpgme_get_key() that returns
> > no matches (note that this is a subkey ID):
> >
> > Subkey lookup, broken in first URL:
> >
http://pgp.mit.edu:11371/pks/lookup?op=index&options=mr&search=0x22AD5874F39D989F&exact=on
> > vs.
> >
http://pgp.mit.edu:11371/pks/lookup?op=index&options=mr&search=0xF39D989F&exact=on
> >
> > Public key lookup, both work:
> >
http://pgp.mit.edu:11371/pks/lookup?op=index&options=mr&search=0x6D1A9E70E19DAA50&exact=on
> > vs.
> >
http://pgp.mit.edu:11371/pks/lookup?op=index&options=mr&search=0xE19DAA50&exact=on
> >
> > This is totally unacceptable in my opinion, why do we have such broken
> > infrastructure that it cannot support a simple lookup like this?
thread reference:
http://lists.gnupg.org/pipermail/gnupg-users/2012-January/043495.html

Thanks for the patch, Dan. Tested with short & long key IDs and fpr of my
encryption and authentication subkeys on OpenPGP card key 0x435BD034.

[Signature key ....: E2B8 43E8 E65E EF41 27AF  A222 2313 315C 435B D034

 Encryption key....: 8C87 E7D8 63B4 0BA0 CE62  BA8B ABFE 8362 C97A C237

 Authentication key: 8841 2F18 79D5 34B8 FA3E  CC56 6D59 9CFB B850 79AD]

http://keyserver.gingerbear.net:11371/pks/lookup?op=index&options=mr&search=0x8C87E7D863B40BA0CE62BA8BABFE8362C97AC237&exact=on

http://keyserver.gingerbear.net:11371/pks/lookup?op=index&options=mr&search=0xABFE8362C97AC237&exact=on

http://keyserver.gingerbear.net:11371/pks/lookup?op=index&options=mr&search=0x88412F1879D534B8FA3ECC566D599CFBB85079AD&exact=on

http://keyserver.gingerbear.net:11371/pks/lookup?op=index&options=mr&search=0x6D599CFBB85079AD&exact=on

Works fine.

The patch will be in the next release of SKS and until then the patched source
may be pulled from:

    hg clone https://code.google.com/r/johnclizbe-sks-keyserver/

Thanks again for the patch.

- -John

- -- 
John P. Clizbe                      Inet: John (a) GingerBear DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

                   Cowboy Haiku -- Reflections on Rodeo
So many Cowboys. / Round Wrangler butts drive me nuts. / Never enough rope.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12-svn5502-2010-12-23 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £33† ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPBtzKAAoJECMTMVxDW9A0lWUIAJ1aL9dcpZmDKFVODC9f1pz6
m60SBYR+gSy7ZlLMRsekXvNEdHTXA/EK/ovb65ZTTeTRbM9HpGXCKoKYBgM1HbSR
Kw3+iWiJegLJlp2zQvRgnBwTuDoU2DcI6uO0gSHeORLQFXl0b+XJs2MruU2VVMyN
Y+o+juv/2OOTG9tdJaTyYqHuAPyWim8lVlZ5J7gWsxKyK9uTKvUH/m9VSXF2yGPg
9H0nNDFqJ3CKHvSurV9S5mcg+WJSy2NTzhlD5VbNTMPeCosTJheuuNLo/YCfAsLY
oowzNtaFoMlkIOIFtInglnLGhMd6C5OS1iC+4/3DTHrX3Auo03WypDnpjQL2AXmI
XgQBEQgABgUCTwbcygAKCRDrXhnz1laYJfKuAP0ZlWZSb8lM1F9V718vttaF+qHs
hsDrsrm1rkhwhmGjsgD/QG8D75jYXTI8Pb/3uUcD1rXpKazjNVa9anVJ9FSPYo8=
=rZJo
-----END PGP SIGNATURE-----