Re: [Sks-devel] Re: keyids in signatures getting corrupted, GPG and/or D
From: David Shaw
Subject: Re: [Sks-devel] Re: keyids in signatures getting corrupted, GPG and/or Debian problem?
Date: Thu, 1 Apr 2004 17:20:24 -0500
User-agent: Mutt/1.5.6i

On Thu, Apr 01, 2004 at 04:56:34PM -0500, Jason Harris wrote:
> On Thu, Apr 01, 2004 at 03:34:26PM -0500, David Shaw wrote:
> > On Thu, Apr 01, 2004 at 02:32:14PM -0500, Jason Harris wrote:
> > > > All of that said, I'm not too worried about this. It's annoying, but
> > > > ultimately harmless. The corrupt sig will not validate (though the
> > > > sig itself is actually good, the bad issuer means the key that issued
> > > > it will never be found), so it will be ignored.
> > >
> > > Except where the issuer is irrelevant.
> >
> > I'm afraid I don't follow that comment. The issuer is always
> > relevant, as it is used to find the key that issued the signature.
>
> As the GPG output in my last message demonstrates, GPG disregards
> the issuer in subkey binding signatures. While the RFC specifies
> the issuer be included in subkey binding signatures, it also only
> allows for the parent pubkey to issue such signatures. Therefore,
> the issuer of subkey signatures is currently irrelevant, a priori.
There are optimizations done, and there is general good practice.
Don't rely on this. You'll hurt yourself.
David
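
A consistency check for the case discussed in this thread, as an added example that is not part of the original message and is not GnuPG or SKS code: it parses a v4 signature packet body (RFC 2440/4880 subpacket layout) and reports whether a subkey binding signature's issuer subpacket matches the primary key's key ID. The function names, the key ID and the sample signature body are constructed for illustration.

```python
import struct

SUBKEY_BINDING = 0x18  # signature type for a subkey binding signature
ISSUER = 16            # subpacket type carrying the 8-byte issuer key ID

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def check_binding(sig_body, primary_keyid):
    """Classify a v4 signature packet body against the primary key's key ID."""
    if len(sig_body) < 4 or sig_body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    if sig_body[1] != SUBKEY_BINDING:
        return "not-a-subkey-binding"
    issuers, pos = [], 4
    for _ in range(2):                       # hashed area, then unhashed area
        if pos + 2 > len(sig_body):
            raise ValueError("truncated subpacket area")
        (n,) = struct.unpack(">H", sig_body[pos:pos + 2])
        area = sig_body[pos + 2:pos + 2 + n]
        if len(area) != n:
            raise ValueError("truncated subpacket area")
        issuers += [d for t, d in subpackets(area) if t == ISSUER]
        pos += 2 + n
    if not issuers:
        return "no-issuer"
    return "ok" if all(d == primary_keyid for d in issuers) else "issuer-mismatch"

def make_sig(issuer):
    """Constructed sample: DSA/SHA-1 binding signature body, MPIs omitted."""
    hashed = bytes([5, 2]) + struct.pack(">I", 1080857000)   # creation time
    unhashed = bytes([9, ISSUER]) + issuer
    return (bytes([4, SUBKEY_BINDING, 17, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00")

PRIMARY = bytes.fromhex("0123456789ABCDEF")   # constructed key ID
```

A result of `issuer-mismatch` marks a binding signature whose issuer field no longer names the primary key it is attached to, which is the kind of corruption the thread describes.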