Re: [Sks-devel] multiple subkey binding

[Jason Harris]

On Wed, Dec 03, 2003 at 04:59:12PM -0500, David Shaw wrote:
> On Wed, Dec 03, 2003 at 04:05:11PM -0500, Jason Harris wrote:
> 
> > So, such legacy subpackets seem to be able to find the keyservers
> > with newer versions of GPG, at least.  How the versions of the
> > signatures without the type 101 subpackets are getting generated is
> > still unclear to me, however.
> 
> Not generated.  Maintained, though.  GnuPG doesn't tamper with the
> private subpackets, since it doesn't know who generated them, or why.

Older versions of GPG added those subpackets for private use.
Newer versions of GPG preserve them.  Therefore:

  "GnuPG never exported the local subpackets, so someone would have to
   make an extreme effort to get them onto the server."

seems incorrect.  Wouldn't pointing a newer GPG at an existing keyring
(with those subpackets) and doing a --send-keys account for them winding
up on the keyservers?

Thus, (old) signatures _without_ the subpackets were likely uploaded to
keyservers by the legacy GPG versions that _generated_ the subpackets.
Signatures _with_ subpackets are uploaded by GPG versions that _don't_
_use_ the subpackets, but happily preserve them from older key[ring]s.

-- 
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
address@hidden | web:  http://keyserver.kjsl.com/~jharris/

pgpsQXJOeFtG6.pgp
Description: PGP signature