The meat with multiple PGP subkeys

Werner Koch wk at gnupg.org
Wed Jun 18 08:27:20 EDT 2003


On Tue, 17 Jun 2003 23:42:13 +0200, martin f krafft said:

> an unusable public key. It only seems to work if they use modern
> software and obtain my key from keyserver.kjsl.com:11371 or the

You may also want to use subkeys.pgp.net.  These are servers running
software not eating keys.

> - What is the problem with multiple subkeys?

pksd used to have only a simple hack to support *one* subkey but no
revocation for them etc.  If they encounter a key with an "unknown"
structure they start to eat packets or swap them around.

Updated pksd versions are much better and won't eat them anymore.
However due to the synchronisation they can't do much about already
garbled keys except for removing invalid parts.

> - Are they in accordance with the RFC (2440)?

Sure.

> - Are others experiencing these problems, and how do you deal with
>   them?

I have these problems for many years now and as a workaround I use the
X-Request-PGP header to point to a valid source of my key.

> - Is there a solution in the works?

There is a couple of new keyserver software actually in use but not
yet widespread enough.  subkeys.pgp.net is a good start.

> - If not, has anyone already thought about how to solve this mess?

All keyserver operators should update to the new pksd or even better
use one of the modern servers.


Shalom-Salam,

   Werner

-- 
Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe	                 http://fsfeurope.org


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
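
Added example, not part of the original message and not pksd or GnuPG code: a structural check for the damage described above, where a keyserver eats or swaps the packets belonging to a subkey. It walks the packets of a binary OpenPGP key and reports every subkey that is not directly followed by a subkey binding (0x18) or subkey revocation (0x28) signature; the helper names and sample bytes are constructed for illustration, and signatures are not cryptographically verified.

```python
# Added example, not pksd or GnuPG code; all sample bytes are constructed.
PUBKEY, SIG, USERID, SUBKEY = 6, 2, 13, 14
BINDING = (0x18, 0x28)  # subkey binding / subkey revocation signature types

def packets(data):  # yields (tag, body); definite-length headers only
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80 or i + 1 >= len(data):
            raise ValueError("bad packet header")
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i + 1], i + 2
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not supported")
        else:  # old-format header: low two bits give the length field size
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if n == 8:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def sig_type(body):
    """Signature type octet: offset 2 in v2/v3 packets, offset 1 in v4."""
    off = {2: 2, 3: 2, 4: 1}.get(body[0]) if body else None
    return body[off] if off and len(body) > off else None

def unbound_subkeys(data):
    """Indexes of subkey packets not directly followed by a binding signature."""
    pkts = list(packets(data)) + [(None, b"")]
    return [n for n, (tag, _) in enumerate(pkts[:-1])
            if tag == SUBKEY and not (pkts[n + 1][0] == SIG
                                      and sig_type(pkts[n + 1][1]) in BINDING)]

def pkt(tag, body):  # constructed old-format packet, one-octet length
    return bytes([0x80 | tag << 2, len(body)]) + body

HEAD = pkt(PUBKEY, b"\x04key") + pkt(USERID, b"alice") + pkt(SIG, b"\x04\x13")
SUB, BIND = pkt(SUBKEY, b"\x04sub"), pkt(SIG, b"\x04\x18")
GOOD = HEAD + SUB + BIND + SUB + BIND
EATEN = HEAD + SUB + SUB + BIND  # first subkey's binding signature lost
```

unbound_subkeys(GOOD) returns an empty list and unbound_subkeys(EATEN) returns [3]. The same function can be run over the binary output of gpg --export for a key fetched from a keyserver.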


