[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] Re: keyids in signatures getting corrupted, GPG and/or Debia
From: |
Jason Harris |
Subject: |
[Sks-devel] Re: keyids in signatures getting corrupted, GPG and/or Debian problem? |
Date: |
Thu, 1 Apr 2004 14:32:14 -0500 |
User-agent: |
Mutt/1.4.2.1i |
On Wed, Mar 31, 2004 at 12:44:51AM -0500, David Shaw wrote:
> On Tue, Mar 30, 2004 at 08:24:00PM -0500, Jason Harris wrote:
> > the bogus subkey binding signature was hard to miss: 0x12F506C8.
I meant to add: ^ not
> Jason, how on earth did you find this? Really awesome discovery, and
> an interesting problem. I have a suspicion on how it happens, though
The patterns in the "bogus" signature looked weird (kjsl output):
sub 2048g/AC0E538A 1998-04-28
Key fingerprint = F5AF 74B5 3257 FB0B 85DA AAD6 B3D3 34D5 AC0E 538A
sig 0x18 12F506C8 2003-12-17 [keybind, hash: type 2, 2d 09]
sig 0x18 12F506C8 2003-12-17 [keybind, hash: type 2, 2d 09]
sig 0x18 12F506C8 1998-04-28 [keybind, hash: type 2, 3d 0a]
sig 0x18 12F50910 2003-12-17 [invalid signer? corrupted signature?, hash:
type 2, 2d 09]
and _this_ looked even weirder (GPG 1.2.4 output):
sub 2048g/AC0E538A 1998-04-28
Key fingerprint = F5AF 74B5 3257 FB0B 85DA AAD6 B3D3 34D5 AC0E 538A
sig! 12F506C8 2003-12-17 Peter Sjoberg <peters techwiz.ca>
sig! 12F50910 2003-12-17 [User id not found]
> All of that said, I'm not too worried about this. It's annoying, but
> ultimately harmless. The corrupt sig will not validate (though the
> sig itself is actually good, the bad issuer means the key that issued
> it will never be found), so it will be ignored.
Except where the issuer is irrelevant.
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
address@hidden _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
pgptKtSn9sEmc.pgp
Description: PGP signature
- [Sks-devel] Re: keyids in signatures getting corrupted, GPG and/or Debian problem?,
Jason Harris <=