I advocated use of wwwkeys.pgp.net before.. I find I must now retract that recommendation given that I have discovered the HKP corruption bug.

WTF is the HKP corruption bug? If you have a key, say ..

knghtbrd@galen:~$ gpg --list-keys 0x8FF7D7A3DCF9DAB3
pub  1024D/DCF9DAB3 1999-03-01 Joseph Carter <[EMAIL PROTECTED]>
uid                            Joseph Carter <[EMAIL PROTECTED]>
uid                            Joseph Carter <[EMAIL PROTECTED]>
uid                            Joseph Carter <[EMAIL PROTECTED]>
uid                            Joseph Carter <[EMAIL PROTECTED]>
sub  2048g/3F9C2A43 1999-03-01 [expires: 2003-07-08]
sub  4096g/DC6AD094 2003-01-09

.. and you send it to a server ..

knghtbrd@galen:~$ gpg --keyserver hkp://wwwkeys.pgp.net \
> --send 0x8FF7D7A3DCF9DAB3
gpg: DBG: increasing temp iobuf from 8192 to 16384
gpg: success sending to `wwwkeys.pgp.net' (status=200)

.. someone using PGP << 7.x (probably) or GnuPG << 1.2.x (for certain) will find the key valid for checking signatures, but not for encrypting messages. Tim Howe found this problem with my key.

The problem happens when you use a key with two subkeys, like mine has above. GnuPG 1.2.x will work around this corruption the best it can, trying to restore one subkey, but it will only restore the first one. As it happens, that means the first subkey, which means that in six months my key will not be suitable for encrypting messages to me unless you get the 4k subkey imported somehow (ie, by getting the key from me or from a non-broken keyserver..)

There are not many non-broken keyservers out there. Most that exist are slightly non-reference implementation HKP (which GnuPG can talk to) or these days there are LDAP keyservers. I am now using (and suggest you use) "keyserver ldap://keyserver.pgp.com" in my .gnupg/options file.

Note, for this to work your GnuPG needs to be built with LDAP support. Debian does this, Gentoo does only if you have ldap in your USE flags. No idea about any of the BSDs or other Linux distributions.

If you have not played with LDAP otherwise, I recommend looking into it. I myself have not done so much with it, but what I have done has convinced me that LDAP is very cool and should eventually replace a whole bunch of less flexible and less-nifty things (NIS for example..)
--
Joseph Carter <[EMAIL PROTECTED]>
I N33D MY G4M3Z, D00D!!!!111!! (Just ... don't ask)

<xtifr> Athena Desktop Environment! In your hearts, you *know* it's the right choice! :)
* Knghtbrd THWAPS xtifr
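A check for the subkey loss described in the message, as an added example that is not part of the original post: it compares the `sub` records of a local `gpg --with-colons --list-keys` listing with those of a copy fetched back from a keyserver, and tests whether any encryption subkey is still unexpired on a given day. The function names are hypothetical, both listings are constructed from the key shown above, and the leading `00000000` of each subkey ID is a placeholder because the message gives only short IDs.

```python
from datetime import date, datetime, timezone

# Constructed `gpg --with-colons --list-keys` output. Short IDs, sizes and dates
# follow the listing in the message; the leading "00000000" of each subkey ID is
# a placeholder, not the real long key ID.
LOCAL = """\
pub:u:1024:17:8FF7D7A3DCF9DAB3:1999-03-01:::u:::scSC:
sub:u:2048:16:000000003F9C2A43:1999-03-01:2003-07-08:::::e:
sub:u:4096:16:00000000DC6AD094:2003-01-09::::::e:
"""
# Constructed copy as fetched back from a keyserver that kept only the first subkey.
FETCHED = """\
pub:-:1024:17:8FF7D7A3DCF9DAB3:1999-03-01:::-:::scSC:
sub:-:2048:16:000000003F9C2A43:1999-03-01:2003-07-08:::::e:
"""

def _to_date(field):
    """Colon listings carry dates as YYYY-MM-DD or as epoch seconds."""
    if not field:
        return None
    if "-" in field:
        return date.fromisoformat(field)
    return datetime.fromtimestamp(int(field), tz=timezone.utc).date()

def subkeys(listing):
    """Map subkey ID -> (capabilities, expiry date or None) for every 'sub' record."""
    out = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "sub" and len(f) > 11:
            out[f[4]] = (f[11], _to_date(f[6]))  # field 5 = key ID, 7 = expiry, 12 = caps
    return out

def missing_subkeys(local, fetched):
    """Subkey IDs present locally but absent from the fetched copy."""
    return sorted(set(subkeys(local)) - set(subkeys(fetched)))

def can_encrypt_on(listing, day):
    """True if some encryption-capable subkey is unexpired on `day`."""
    return any("e" in caps and (exp is None or exp > day)
               for caps, exp in subkeys(listing).values())

if __name__ == "__main__":
    print("missing from keyserver copy:", missing_subkeys(LOCAL, FETCHED))
    for d in (date(2003, 2, 1), date(2003, 8, 1)):
        print(d, "local:", can_encrypt_on(LOCAL, d), "fetched:", can_encrypt_on(FETCHED, d))
```

To run it against real data, import the keyserver copy into a scratch keyring (for example under a separate `--homedir`) and pass the two `--with-colons` listings in place of the constructed strings.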