Re: recommendation for key servers
There are still SKS servers running, but several are unsynchronized, including, apparently, pgp.mit.edu. Of course, they have the same key import/poisoning problems already mentioned on these lists…

Here are the hockeypuck servers I could find, all synchronizing properly and apparently exchanging data (minus the unwanted packets) with the SKS servers that are synchronized:

http://keys.andreas-puls.de/pks/lookup?op=stats
http://keys2.andreas-puls.de/pks/lookup?op=stats
http://keys3.andreas-puls.de/pks/lookup?op=stats
http://pgp.cyberbits.eu/pks/lookup?op=stats
http://pgp.re:11371/pks/lookup?op=stats
https://pgpkeys.eu/pks/lookup?op=stats
https://keybath.trifence.ch/pks/lookup?op=stats
https://keyserver.trifence.ch/pks/lookup?op=stats

HTH. (Please excuse the HTML.)

Sent from my iPad

> On Jun 24, 2021, at 7:19 PM, deloptes via Gnupg-devel wrote:
>
> Hi, we heard that sks-keyservers.net will be depreciated
> so we were wondering what service we should use in the application default
> settings
> We I mean TDE devs
>
> where do we go from here?
>
> thank you in advance
> BR
> ___
> Gnupg-devel mailing list
> gnupg-de...@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Difficulty of fixing reconciliation
> On Aug 15, 2019, at 3:33 PM, Werner Koch wrote:
>
> On Thu, 15 Aug 2019 00:02, gnupg-users@gnupg.org said:
>
>> But at least then we will want to add cryptography to see which
>> selfsigs are truly legitimate, right?
>
> That would be the first and most important step to get the keyservers
> back for the WoT

Actually, I think hockeypuck might be validating selfsigs already:

https://github.com/hockeypuck/openpgp/blob/v1/pubkey.go

when it calls CheckSig().

(It isn’t that hard to install and loads most of the SKS keydump keys, but you do need PostgreSQL and then to sync with SKS to get the remaining (malformed) keys that apparently didn’t get imported from the dump.)

Sent from my iPad
Re: Difficulty of fixing reconciliation
> On Aug 14, 2019, at 6:32 PM, MFPA via Gnupg-users wrote:
>
> On Wednesday 14 August 2019 at 10:39:56 AM, Alessandro Vesely
> via Gnupg-users wrote:-
>
>> I'm no expert, but it seems to me that 3rd party
>> signatures should not
>> be allowed.
>
> Perhaps a "keyserver no-third-party-signatures" option would resolve
> this. Unlike "keyserver no-modify", honouring it would not require a
> keyserver to undertake any cryptographic checking.

No, then the “attack” just changes to making the issuing keyid = the keyid being attacked, so everything looks like a selfsig...

But at least then we will want to add cryptography to see which selfsigs are truly legitimate, right?

Sent from my iPad
Re: How much load are keyservers willing to handle?
On Wed, Dec 18, 2013 at 10:20:26PM +, adrelanos wrote:

> I am planning to write a script, which will refresh the apt signing key
> before updating using apt-get update.
>
> The script might get accepted in Debian. [1] With my Whonix hat on, it's
> safe to say, that this script will be added to Whonix (which is a
> derivative of Debian).
>
> Writing that script would be much simpler if it could re-use the existing
> keyserver infrastructure.
>
> Now imagine if this gets added to Debian, that all users of Debian and
> all its derivatives will always refresh their signing key against
> keyservers? Could keyservers cope up with the load?
>
> The legal question would be interesting, but don't worry, if you ask me
> not to use keyservers for this, I'll use a mechanism outside of
> keyservers.
>
> [1] http://lists.debian.org/debian-security/2013/12/msg00031.html

1) setup your own DNS so you can shut things off if anything goes wrong! (you can use dyn.com or others, no servers required)

2) probably best discussed on the sks-devel list, Reply-To set accordingly

3) try running your own keyserver(s), SKS is easy enough to deploy

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004
GnuPG mirrors
On Sat, Oct 05, 2013 at 10:46:39AM +0200, Werner Koch wrote:

> direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be
> found at http://www.gnupg.org/mirrors.html . Note, that GnuPG

The list has some dead/stale entries. I found the following mirrors to be viable and current:

ftp://ftp.crysys.hu/pub/gnupg/gnupg/
ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/gnupg/
ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/gnupg/
ftp://ftp.hi.is/pub/mirrors/gnupg/gnupg/
ftp://ftp.sunet.se/pub/security/gnupg/gnupg/
ftp://gd.tuwien.ac.at/privacy/gnupg/gnupg/
ftp://mirror.switch.ch/mirror/gnupg/gnupg/
http://artfiles.org/gnupg.org/gnupg/
http://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/gnupg/
http://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/gnupg/
http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt/gnupg/
http://mirrors.dotsrc.org/gcrypt/gnupg/
http://mirrors.dotsrc.org/gnupg/gnupg/

Thanks.

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004
Re: 2.0.20 beta available
On Wed, Apr 24, 2013 at 09:40:51PM +0200, Werner Koch wrote:

> Hi,
>
> it is now more than a year since we released 2.0.19. Thus it is really
> time to get 2.0.20 out of the door. If you want to quickly try a beta you
> may use:
>
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-2.0.20-beta118.tar.bz2
>
> Please send bug reports only to the mailing list.

I don't see a .sig, so do these hashes (SHA1, SHA256) look correct?

4dafebee7b0c7adde2b27473faca7236851cf472
72af477e33b15baf6733af3e5e5c49c18ddf398b8a90e93c65d04cb34f04f00b4277493 ./alpha/gnupg/gnupg-2.0.20-beta118.tar.bz2

Thanks.

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004
Re: ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
On Tue, Feb 15, 2011 at 05:50:11PM -0500, David Shaw wrote:

>> I have set the
>> LD_LIBRARY_PATH=/usr/sfw/lib:/lib:/usr/lib:/usr/local/lib:/lib/64:/usr/lib/64
>>
>> But when I run this command:
>>
>> gpg --list-keys
>>
>> I am getting this error:
>>
>> ld.so.1: gpg: fatal: libusb.so.1: open failed: No such file or directory
>> Killed
>
> That's an error from your loader. It can't run gpg, because the gpg binary
> is built with USB smartcard reader support via libusb, but your system
> doesn't have libusb available within your LD_LIBRARY_PATH. This isn't a
> gpg error - gpg never even got executed here.
>
> The fix is to either figure out where you have libusb and include that in
> your path, to get libusb, or rebuild gpg to not require libusb.

Geez, doesn't anybody READ anymore?! Even _I_ just managed to read:

[ldd output quoted to whatever level]
libusb.so.1 => /usr/sfw/lib/libusb.so.1

So, it is in the LD_LIBRARY_PATH quoted above, and therefore IT IS ON THE SYSTEM, right?

If I were to guess, LD_LIBRARY_PATH is being ignored/reset...

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004
gnupg mirrors (was: Re: [Announce] GnuPG 1.4.11 released)
On Mon, Oct 18, 2010 at 08:36:59PM +0200, Werner Koch wrote:

> On Mon, 18 Oct 2010 18:36, jhar...@widomaker.com said:
>
>> The .exe is there and matches the SHA-1, but the .sig isn't there:
>
> Ooops. Forgot to upload that one - fixed. Sorry.
>
> Actually, our FTP server would not have a problem to serve all requests.
> The mirrors are more a historic thing but more and more folks want to
> mirror (I recently added a rel=nofollow in case some of them intend to
> bump up their page rank). I should change the wording of the announcement.

OK, good to know. Thanks for the fixes.

> Thanks for the hint of the mktorrent; maybe I can add this to our webpage
> anyway.

Actually, and somewhat fortunately, I didn't find any BitTorrent trackers I like that worked automagically (without login and manual upload of a .torrent) and with elinks/aria2c/lftp.

aria2c was happy to ignore a non-existent tracker at localhost and do everything from web seeds, however. Of course, it should do equally well using a metalink, and without the problem of exporting cryptography for US-based users...

For now, I found the following changes in the GnuPG mirrors:

http://ftp.linux.it/pub/mirrors/gnupg/         new (listed by FreeBSD)
ftp://sunsite.cnlab-switch.ch/mirror/gnupg/    new (listed by FreeBSD)
ftp://ftp.bit.nl/mirror/gnupg/                 is incomplete
ftp://ftp.demon.nl/pub/mirrors/gnupg/          no longer mirrors gpg
ftp://ftp.surfnet.nl/pub/security/gnupg/       stopped mirroring gpg in 2007
http://gd.tuwien.ac.at/privacy/gnupg/          serves files, but no listings
http://www.gnupg.ca/mirrors                    website, not files

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004
Re: [Announce] GnuPG 1.4.11 released
On Mon, Oct 18, 2010 at 01:33:51PM +0200, Werner Koch wrote:

> We are pleased to announce the availability of a new stable GnuPG-1
> release: Version 1.4.11.
>
> In the *binary* directory, you should find these files:
>
> gnupg-w32cli-1.4.11.exe (1588k)
> gnupg-w32cli-1.4.11.exe.sig
>
> 631b5129f918b7d30247ade8bcc27908951eaea0 gnupg-w32cli-1.4.11.exe

The .exe is there and matches the SHA-1, but the .sig isn't there:

%wget ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe.sig
--2010-10-18 12:22:53-- ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe.sig
           => `gnupg-w32cli-1.4.11.exe.sig.1'
Resolving ftp.gnupg.org (ftp.gnupg.org)... 217.69.76.55
Connecting to ftp.gnupg.org (ftp.gnupg.org)|217.69.76.55|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /gcrypt/binary ... done.
==> SIZE gnupg-w32cli-1.4.11.exe.sig ... done.
==> PASV ... done.    ==> RETR gnupg-w32cli-1.4.11.exe.sig ...
No such file `gnupg-w32cli-1.4.11.exe.sig'.

Also, none of the mirrors in FreeBSD's /usr/ports/Mk/bsd.sites.mk have the .tar.bz2{,.sig} files yet. Ever consider publishing a .torrent with web-based seeds? http://mktorrent.sourceforge.net/ should make it easy to generate.

Thanks.

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004
Re: WoT cluster analysis tools?
On Tue, Aug 10, 2010 at 04:52:12AM +, Robin H. Johnson wrote:

> Not sure if such things exist already, but hopefully they do, and somebody
> could point me to them...
>
> To go into a little more detail, I'd like to examine the WoT as it exists
> between Gentoo developers, and try to work out a reasonable way to close
> it for resurrecting our long-dead keyring. Specifically interested in
> isolation of local clusters within the sets of keys.
>
> Two sets of keys, one of current developers only, and a second of all
> developers, past and present.
>
> Looking around, I find a few WoT graphing sites, but none of the tools
> used by said sites.

I think keyanalyze does exactly what you want. Given a keyring, it will list the strong set, in which everyone can reach everyone else, and isolated sets, which can be connected to the strong set with a single connection between sets. Any keys which aren't specifically listed are (essentially) only self-signed and also need a connection to/from the strong set.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
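[Added example, not part of the original message and not keyanalyze's own code: a sketch of the grouping described above, finding sets of keys in which every key can reach every other key through signatures. The key IDs and signature list are constructed sample data, and the function names are hypothetical.]

```python
from collections import defaultdict

# Constructed sample data: (signer, signee) pairs as read from a keyring.
SIGNATURES = [
    ("KEY_A", "KEY_B"), ("KEY_B", "KEY_C"), ("KEY_C", "KEY_A"),  # mutual reachability
    ("KEY_D", "KEY_E"), ("KEY_E", "KEY_D"),                      # a separate pair
    ("KEY_C", "KEY_D"),                                          # one-way link only
    ("KEY_A", "KEY_G"),                                          # G is signed but signs nobody
    ("KEY_F", "KEY_F"),                                          # self-signature only
]


def strongly_connected_sets(signatures):
    """Return sets of mutually reachable keys, largest first (Kosaraju's algorithm)."""
    graph, reverse, nodes = defaultdict(set), defaultdict(set), set()
    for signer, signee in signatures:
        nodes.update((signer, signee))
        if signer != signee:              # self-signatures add no path between keys
            graph[signer].add(signee)
            reverse[signee].add(signer)

    # Pass 1: depth-first search, recording keys in order of completion.
    order, seen = [], set()
    for start in sorted(nodes):
        if start in seen:
            continue
        seen.add(start)
        stack = [(start, iter(sorted(graph[start])))]
        while stack:
            node, successors = stack[-1]
            for nxt in successors:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append((nxt, iter(sorted(graph[nxt]))))
                    break
            else:                          # all successors handled: node is finished
                order.append(node)
                stack.pop()

    # Pass 2: search the reversed graph in reverse completion order.
    assigned, components = set(), []
    for start in reversed(order):
        if start in assigned:
            continue
        assigned.add(start)
        component, todo = set(), [start]
        while todo:
            node = todo.pop()
            component.add(node)
            for prev in reverse[node]:
                if prev not in assigned:
                    assigned.add(prev)
                    todo.append(prev)
        components.append(component)
    return sorted(components, key=lambda c: (-len(c), sorted(c)))


def report(signatures):
    """Split the result into the largest set, other multi-key sets and lone keys."""
    sets = strongly_connected_sets(signatures)
    return {
        "strong_set": sets[0] if sets else set(),
        "other_sets": [s for s in sets[1:] if len(s) > 1],
        "unconnected": sorted(k for s in sets[1:] if len(s) == 1 for k in s),
    }


if __name__ == "__main__":
    print(report(SIGNATURES))
    # One signature from the D/E pair back into the largest set merges the two.
    print(report(SIGNATURES + [("KEY_E", "KEY_A")]))
```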
Re: changing key expiration
On Thu, Aug 27, 2009 at 07:36:02PM +0200, Bernhard Kuemel wrote:

> I changed my expiration with --edit-key expire from never to 3y and
> uploaded the key. Then I changed it to 5y and uploaded the key. Now the
> uploaded key has several self signatures and expiration dates on
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xF732FBF3E4219D48
>
> It appears the key expiration is part of the signatures. Will the most
> recent signature have the effective expiration date?

Yes:

%gpg --with-fingerprint --with-fingerprint --check-sigs E4219D48
pub   1024D/E4219D48 2004-12-19 [expires: 2014-08-26]
      Key fingerprint = E18F BF4D 0EE2 6522 E950 A06A F732 FBF3 E421 9D48
uid   Bernhard K?mel bernh...@bksys.at
sig!3 E4219D48 2009-08-27 Bernhard K?mel bernh...@bksys.at
sig!3 E4219D48 2009-08-27 Bernhard K?mel bernh...@bksys.at
uid   Bernhard Kuemel bernh...@bksys.at
sig!3 E4219D48 2004-12-19 Bernhard K?mel bernh...@bksys.at
sig!3 E4219D48 2009-08-27 Bernhard K?mel bernh...@bksys.at
sig!3 E4219D48 2009-08-27 Bernhard K?mel bernh...@bksys.at
sub   1024g/0A5FA7F8 2004-12-19
      Key fingerprint = A5C7 D8D4 3C01 9925 15B3 6310 04CE 1D3C 0A5F A7F8
sig!  E4219D48 2004-12-19 Bernhard K?mel bernh...@bksys.at

1 signature not checked due to a missing key

> I downloaded the key so I could revoke the unwanted signatures.

That isn't really necessary - it will just clutter your key and the keyservers.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jhar...@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-12-09) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-12-09/

Signatures are now being checked using keyanalyze+sigcheck:

http://keyserver.kjsl.com/~jharris/aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-11-25) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-11-25/

Signatures are now being checked using keyanalyze+sigcheck:

http://keyserver.kjsl.com/~jharris/aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-11-11) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-11-11/

Signatures are now being checked using keyanalyze+sigcheck:

http://keyserver.kjsl.com/~jharris/aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: PGP messages getting flagged as spam
On Wed, Oct 17, 2007 at 09:34:34AM +0200, Sven Radde wrote:

> Probably true, but how will spammers get signatures on their stuff that
> are valid *for me*? They would have to compromise one of the keys that are
> valid on my keyring or one that would be considered trustworthy by means
> of the web-of-trust.

Why not just take some signed content from a key in the strong set, like this message, and add some unsigned spam to it? It would be a great way to ruin keys by making them spam-keys.

> Maintaining a dedicated database of spam-keys that had been trustworthy
> but were used for spam would help, too (to assign messages signed by those
> keys a bad score).

(These are best revoked by their owners, of course.)

Unfortunately, these databases might be naively implemented as keyservers, or existing keyservers could start being burdened with votes in the form of signatures and/or revocations from any number of signers (voters). At most, you would only want to publish fingerprints of such keys rather than helping propagate and/or bloat them.

Worse, how do you determine that some replayed signed content was indeed replayed? Does everyone now have to start publishing lists of the hashes for all their unencrypted, signed messages and the intended recipient(s) for each message? How would these lists be verified?

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-06-24) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-06-24/

Signatures are now being checked using keyanalyze+sigcheck:

http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-06-10) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-06-10/

Signatures are now being checked using keyanalyze+sigcheck:

http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-05-27) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-05-27/

Signatures are now being checked using keyanalyze+sigcheck:

http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-05-13) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-05-13/

Signatures are now being checked using keyanalyze+sigcheck:

http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-04-29) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-04-29/

Signatures are now being checked using keyanalyze+sigcheck:

http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-04-15) keyanalyze results (+sigcheck)
New keyanalyze results are available at:

http://keyserver.kjsl.com/~jharris/ka/2007-04-15/

Signatures are now being checked using keyanalyze+sigcheck:

http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:

http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:

http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: Check integrity of gnupg-w32cli-1.4.7.exe
On Sat, Apr 14, 2007 at 05:20:33AM -0400, StephenK wrote:

> I've checked the sha1 hash for the downloaded gnupg-w32cli-1.4.7.exe on
> the main page and it checks: b806e8789c93dc6d08b129170d6beb9e1a5ae68f
>
> I have found this last task impossible. Even searching for the hash
> itself turns up nothing.

Choose a different search engine. google.com has several hits for that hash, and dogpile.com shows results from several search engines for that hash.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: Problem interoperating with PGP Universal?
On Mon, Apr 02, 2007 at 11:24:45AM +0200, Werner Koch wrote:

On Mon, 2 Apr 2007 09:40, [EMAIL PROTECTED] said:

I can provide some more details on this. GnuPG 1.4.7 returns with this error message

gpg: can't handle this ambiguous signature data.

Well, PGP is broken:

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.3

qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
=lOCI
-----END PGP SIGNATURE-----

This should be a detached signature, but http://www.mailscanner.info/files/4/tar/MailScanner-install-4.58.9-1.tar.gz.sig seems to have the same problem:

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

qANQR1DEDQMAAhER9llHFBW2VAHCPwMFAEXCAV0R9llHFBW2VBECL1sAoK20XoXM
yfp8cdno1BQa81FA7xiFAJ4vY6UUI9dlHY8TjDyKuz+VenV94g==
=57gK
-----END PGP SIGNATURE-----

$ gpg --list-packets -v x.sig
gpg: armor header: Version: PGP Universal 2.5.3
:marker packet: 50 47 50
:onepass_sig packet: keyid FDCED7B2A2C2FE33
    version 3, sigclass 01, digest 2, pubkey 17, last=1
:signature packet: algo 17, keyid FDCED7B2A2C2FE33
    version 3, created 1175181861, md5len 5, sigclass 0x01
    digest algo 2, begin of digest 0b c4
    data: [157 bits]
    data: [160 bits]

pgpdump adds packet sizes, which are useful (below):

%pgpdump MailScanner-install-4.58.9-1.tar.gz.sig
Old: Marker Packet(tag 10)(3 bytes)
    String - ...
New: One-Pass Signature Packet(tag 4)(13 bytes)
    New version(3)
    Sig type - Signature of a binary document(0x00).
    Hash alg - SHA1(hash 2)
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    Key ID - 0x11F659471415B654
    Next packet - other than one pass signature
New: Signature Packet(tag 2)(63 bytes)
    Ver 3 - old
    Hash material(5 bytes):
        Sig type - Signature of a binary document(0x00).
        Creation time - Thu Feb 1 10:03:57 EST 2007
    Key ID - 0x11F659471415B654
    Pub alg - DSA Digital Signature Algorithm(pub 17)
    Hash alg - SHA1(hash 2)
    Hash left 2 bytes - 2f 5b
    DSA r(160 bits) - ...
    DSA s(158 bits) - ...
        - hash(160 bits)

So what we have is an ascii armor with a marker packet (that is okay), followed by a one-pass signature packet directly followed by the signature packet. Between the one-pass signature packet and the signature packet, a literal data packet is expected.

Fortunately, these semi-detached signature(s) can still be used:

%gpg --dearmor MailScanner-install-4.58.9-1.tar.gz.sig | tail -c 65 > MailScanner-install-4.58.9-1.tar.gz.sign
% gpg ... *.sign
[snip]
[GNUPG:] VALIDSIG EE81D7633DB00BFDE1DC722211F659471415B654 2007-02-01 1170342237 0 3 0 17 2 00 EE81D7633DB00BFDE1DC722211F659471415B654

(Julian [EMAIL PROTECTED] BCC'd)

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
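Added example (not part of the original message and not GnuPG or pgpdump code): a small OpenPGP packet walker that reproduces the packet sizes pgpdump reports for the MailScanner signature quoted above, recognises the "marker, one-pass signature, signature, no literal data" layout, and extracts the signature packet by tag instead of by a fixed `tail -c 65`. The function names and the "semi-detached" label (borrowed from the post) are choices made for this example; it assumes v3 signature packets and no partial or indeterminate lengths.

```python
import base64

# Armored body of MailScanner-install-4.58.9-1.tar.gz.sig as quoted in the
# message above (armor header lines and the =57gK checksum line left out).
ARMOR_BODY = (
    "qANQR1DEDQMAAhER9llHFBW2VAHCPwMFAEXCAV0R9llHFBW2VBECL1sAoK20XoXM"
    "yfp8cdno1BQa81FA7xiFAJ4vY6UUI9dlHY8TjDyKuz+VenV94g=="
)
SIG_BYTES = base64.b64decode(ARMOR_BODY)

TAG_SIGNATURE, TAG_ONEPASS, TAG_MARKER, TAG_LITERAL = 2, 4, 10, 11


def parse_packets(data):
    """Split an OpenPGP byte stream into (tag, raw_packet, body) tuples."""
    packets, pos = [], 0
    try:
        while pos < len(data):
            start, ctb = pos, data[pos]
            if not ctb & 0x80:
                raise ValueError("bit 7 of the tag byte is clear at offset %d" % pos)
            pos += 1
            if ctb & 0x40:                      # new-format header
                tag, first = ctb & 0x3F, data[pos]
                if first < 192:                 # one-octet length
                    length, pos = first, pos + 1
                elif first < 224:               # two-octet length
                    length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
                elif first == 255:              # five-octet length
                    if pos + 5 > len(data):
                        raise ValueError("truncated length field")
                    length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
                else:
                    raise ValueError("partial body lengths are not handled here")
            else:                               # old-format header
                tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
                if ltype == 3:
                    raise ValueError("indeterminate lengths are not handled here")
                width = 1 << ltype              # 1, 2 or 4 length octets
                if pos + width > len(data):
                    raise ValueError("truncated length field")
                length, pos = int.from_bytes(data[pos:pos + width], "big"), pos + width
            if pos + length > len(data):
                raise ValueError("packet body runs past the end of the data")
            packets.append((tag, data[start:pos + length], data[pos:pos + length]))
            pos += length
    except IndexError:
        raise ValueError("truncated packet header") from None
    return packets


def classify(packets):
    """Name the container layout, ignoring marker packets."""
    tags = [tag for tag, _, _ in packets if tag != TAG_MARKER]
    if tags and all(tag == TAG_SIGNATURE for tag in tags):
        return "detached"
    if TAG_ONEPASS in tags and TAG_SIGNATURE in tags:
        # A one-pass packet announces signed data; without a literal data
        # packet there is nothing between it and the signature.
        return "signed-message" if TAG_LITERAL in tags else "semi-detached"
    return "other"


def extract_detached(packets):
    """Keep only the signature packets: the general form of `tail -c 65`."""
    return b"".join(raw for tag, raw, _ in packets if tag == TAG_SIGNATURE)


def v3_signature_info(body):
    """Decode the fixed-layout head of a version 3 signature packet body."""
    if len(body) < 19 or body[0] != 3 or body[1] != 5:
        raise ValueError("not a v3 signature packet")
    return {
        "sigclass": body[2],
        "created": int.from_bytes(body[3:7], "big"),
        "keyid": body[7:15].hex().upper(),
        "pubkey_algo": body[15],
        "hash_algo": body[16],
    }


if __name__ == "__main__":
    pkts = parse_packets(SIG_BYTES)
    for tag, raw, body in pkts:
        print("tag %2d  body %3d bytes  packet %3d bytes" % (tag, len(body), len(raw)))
    print("layout:", classify(pkts))
    print("signature:", v3_signature_info(pkts[-1][2]))
    print("detached signature size:", len(extract_detached(pkts)))
```

Writing the bytes returned by `extract_detached()` to a file gives the same 65-byte detached signature as the `tail -c 65` pipeline in the message.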
new (2007-04-01) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2007-04-01/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-03-18) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2007-03-18/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: signing source code with gpg
On Wed, Mar 14, 2007 at 06:42:48PM +0100, Werner Koch wrote:

On Wed, 14 Mar 2007 18:06, [EMAIL PROTECTED] said:

revision control system changes the content of the files it will invalidate the signature.

I've read opinions that keyword expansion is deprecated, and seeing things like:

$MBSDlabs: portmk/bsd.ocaml.mk,v 1.18 2006/08/06 18:47:23 stas Exp $
$FreeBSD: ports/Mk/bsd.ocaml.mk,v 1.1 2007/03/14 04:05:25 linimon Exp $

makes me tend to agree. While this shows the origin of the file in multiple repositories, does it really help the upstream author when merging patches from downstream?

Also, CVS (and probably other systems) doesn't update keywords until after a checkin+checkout cycle, so any signatures you [re]generate before the next checkout will be[come] broken. Thus, using keyword expansion means you have to trust the server to give back your files with hopefully only the keywords modified before you can [re-]sign them. Of course, this requires two checkins and is particularly noticeable (i.e., ugly) and even more problematic (i.e., The sigs are broken in -r5, get -r6.) on newer systems with atomic commits that would otherwise prevent this (keyword-expansion-race) problem.

FWIW, I use this with some files and Subversion:

# Note: The subversion copy of this file carries a gpg:signature
# property with its OpenPGP signature. Check this signature before
# adding entries:
# f=foo; svn pg gpg:signature $f | gpg --verify - $f
# to create a new signature:
# f=foo; gpg -sba $f svn ps gpg:signature -F $f.asc $f

Finally! :) But (for those who may be unaware), unfortunately this will allow valid sigs from _any key_ you happen to have in _any of the keyrings_ GPG accesses during this step.

Now seems like a good time to ask for an option like:

--require-sig-from fingerprint [fingerprint ...]

to make sure sigs are only from particular signers. As an add-on to the FreeBSD ports system, I've already had to employ --status-fd to make sure I get a signature from an expected signer:

=== Verifying PGP signature gnupg-1.4.7.tar.bz2.sig
gpg: assuming signed data in `/usr/ports/distfiles//gnupg-1.4.7.tar.bz2'
gpg: Signature made Mon Mar 5 04:54:17 2007 EST using RSA key ID 1CE0C630
gpg: please do a --check-trustdb
gpg: Good signature from Werner Koch (dist sig) [EMAIL PROTECTED]
Primary key fingerprint: 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
gpg: binary signature, digest algorithm SHA1
=== Valid sig. from expected ID 0x7B96D396E6471601754BE4DB53B620D01CE0C630.

versus a key ID that differs even by only one bit:

=== Verifying PGP signature gnupg-1.4.7.tar.bz2.sig
gpg: assuming signed data in `/usr/ports/distfiles//gnupg-1.4.7.tar.bz2'
gpg: Signature made Mon Mar 5 04:54:17 2007 EST using RSA key ID 1CE0C630
gpg: please do a --check-trustdb
gpg: Good signature from Werner Koch (dist sig) [EMAIL PROTECTED]
Primary key fingerprint: 7B96 D396 E647 1601 754B E4DB 53B6 20D0 1CE0 C630
gpg: binary signature, digest algorithm SHA1
= error: File wasn't signed by ID 0x7B96D396E6471601754BE4DB53B620D01CE0C631.
= error: Make sure sigs. from ID 0x7B96D396E6471601754BE4DB53B620D01CE0C630
= error: are legitimate before adjusting FP_SIG_000 in Makefile.csig
*** Error code 1

or several expected signers:

=== Verifying PGP signature subversion-1.4.3.tar.bz2.asc
gpg: armor header: Version: GnuPG v1.4.5 (Cygwin)
gpg: armor header: Version: GnuPG v1.4.3 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.5 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux)
gpg: armor header: Version: GnuPG v1.4.6 (Darwin)
gpg: assuming signed data in `/usr/ports/distfiles/subversion/subversion-1.4.3.tar.bz2'
[snip]
=== Valid sig. from expected ID 0x03341CF464A23E9416E76B1EA1FCE25133D38008 23885E64C64E981E4884834D7C535299C0F2C580 332480DA0F8CA37DAEE6D0840B03AE6E4E24517C 3C016F2B764621BB549C66B516A96495E2226795 AAFF6033364F02BB1239907567D9B249674F05E0.

(As implemented, this requires at least one VALIDSIG from every fingerprint in the list.)

NB: This facilitates [re]fetching the key(s) in advance of the signature check to help catch any revocations _and_ removes the need to --[l]sign keys to memorize them as expected signers and/or to juggle keyrings, esp. with gpgv.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
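Added example (not the FreeBSD ports add-on described above and not GnuPG code): one way to enforce the "at least one VALIDSIG from every expected fingerprint" rule on `gpg --status-fd` output. The function names, the result dictionary and the sample status text are constructed for this example; the fingerprints are the ones quoted in the message, the timestamps are made up, and a signature counts for an expected fingerprint if either its signing-key or its primary-key fingerprint matches.

```python
import subprocess

STATUS_PREFIX = "[GNUPG:] "


def normalize_fpr(fpr):
    """Accept '7B96 D396 ...', '0x7B96...' or bare hex; return 40 upper-case hex digits."""
    fpr = "".join(fpr.split()).upper()
    if fpr.startswith("0X"):
        fpr = fpr[2:]
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("expected a 40-hex-digit fingerprint, got %r" % fpr)
    return fpr


def parse_validsigs(status_text):
    """Return [(signing_key_fpr, primary_key_fpr), ...] from status-fd output.

    Only lines that *start* with the status prefix are trusted, so text that
    merely contains 'VALIDSIG' (for example inside a user ID) is ignored.
    """
    sigs = []
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue
        fields = line[len(STATUS_PREFIX):].split()
        if len(fields) >= 2 and fields[0] == "VALIDSIG":
            signing = fields[1].upper()
            # The primary key fingerprint is the last (11th) field when present.
            primary = fields[10].upper() if len(fields) >= 11 else signing
            sigs.append((signing, primary))
    return sigs


def check_signers(status_text, expected):
    """Require a VALIDSIG from every expected fingerprint; report the rest."""
    wanted = {normalize_fpr(f) for f in expected}
    seen, unexpected = set(), set()
    for signing, primary in parse_validsigs(status_text):
        hit = {signing, primary} & wanted
        if hit:
            seen |= hit
        else:
            unexpected.add(primary)
    missing = sorted(wanted - seen)
    return {"ok": bool(wanted) and not missing,
            "missing": missing,
            "unexpected": sorted(unexpected)}


def gpg_status(sig_path, data_path):
    """Run gpg with the status lines on stdout, kept apart from its stderr chatter."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return proc.stdout


# Constructed status output for a single-signer file (gnupg-1.4.7.tar.bz2.sig).
# The second line is not a status line and must not count as a signature.
STATUS_SINGLE = """\
[GNUPG:] GOODSIG 53B620D01CE0C630 Werner Koch (dist sig)
note: [GNUPG:] VALIDSIG 7B96D396E6471601754BE4DB53B620D01CE0C631 2007-03-05 1173088457 0 4 0 1 2 00 7B96D396E6471601754BE4DB53B620D01CE0C631
[GNUPG:] VALIDSIG 7B96D396E6471601754BE4DB53B620D01CE0C630 2007-03-05 1173088457 0 4 0 1 2 00 7B96D396E6471601754BE4DB53B620D01CE0C630
"""

# Constructed status output for a file carrying two of several expected signatures.
STATUS_MULTI = """\
[GNUPG:] VALIDSIG 03341CF464A23E9416E76B1EA1FCE25133D38008 2007-01-01 1167609600 0 4 0 17 2 00 03341CF464A23E9416E76B1EA1FCE25133D38008
[GNUPG:] VALIDSIG 23885E64C64E981E4884834D7C535299C0F2C580 2007-01-01 1167609600 0 4 0 17 2 00 23885E64C64E981E4884834D7C535299C0F2C580
"""

if __name__ == "__main__":
    print(check_signers(STATUS_SINGLE, ["0x7B96D396E6471601754BE4DB53B620D01CE0C630"]))
    print(check_signers(STATUS_SINGLE, ["0x7B96D396E6471601754BE4DB53B620D01CE0C631"]))
    print(check_signers(STATUS_MULTI, ["03341CF464A23E9416E76B1EA1FCE25133D38008",
                                       "332480DA0F8CA37DAEE6D0840B03AE6E4E24517C"]))
```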
new (2007-03-04) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2007-03-04/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-02-18) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2007-02-18/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: Keyserver refresh period after gpg --send-keys
On Sun, Feb 18, 2007 at 11:31:55PM -0500, David Shaw wrote:

On Sun, Feb 18, 2007 at 11:11:37PM +0100, Bruno Costacurta wrote:

I updated the expiration (via gpg --edit-key using expire option) of my key and (re)sent it to a keyserver (via gpg --send-keys [my key id]) to keyserver subkeys.pgp.net. However key is still not updated after a few hours. What are normal delays?

Keys do get temporarily trapped on the SKS keyserver network until keyserver.kjsl.com copies them over to the rest of the planet. BTW, your subkey isn't currently usable:

sub 2048g/0CC897B5 2006-06-11 [subkey]
    Key fingerprint = CCE0 5315 0022 9460 0337 6C6F 4253 1C9A 0CC8 97B5
sig 0x18 2E604D51 2006-06-11 [skey EXPIRED 2006-12-08] [keybind, hash: type 2, e0 0f]
sig 0x18 2E604D51 2006-06-11 [skey EXPIRED 2006-12-08] [keybind, hash: type 2, e0 0f]

There is not an easy answer to that question. subkeys.pgp.net is not actually a keyserver, but rather a collection of (at the moment) 5 different keyservers. When you use it, you get one server from the pool in a round-robin fashion. Generally speaking, any given keyserver in the pool that you update reflects the update immediately, but frequently people update one keyserver in the pool, but then check for the update from another server in the pool which hasn't gotten it yet.

NB: I think if GPG printed the IP address of the keyserver it used, it could end some of this confusion.

Specifically, these were in a batch update from SKS to onak/OpenPKSD/pks/ etc. (all times are TZ=UTC):

2007-02-06 23:02:08.290952260 display_new_sig: new sig 28 by 2E604D51 added to 2E604D51 Bruno Costacurta [EMAIL PROTECTED]
2007-02-06 23:02:08.291023778 display_new_sig: new subkey sig by 2E604D51 added to 2E604D51

these were first seen from pgp.nic.ad.jp:

2007-02-16 13:41:00.597122207 display_new_sig: new sig 1 by 2E604D51 added to 2E604D51 Bruno Costacurta [EMAIL PROTECTED]
2007-02-16 13:41:00.597182829 display_new_sig: new sig 2 by 2E604D51 added to 2E604D51 pubmb02 [EMAIL PROTECTED]

and these were in another batch update:

2007-02-18 23:02:27.870255691 display_new_sig: new sig 71 by 2E604D51 added to 2E604D51 Bruno Costacurta [EMAIL PROTECTED]
2007-02-18 23:02:27.870319946 display_new_sig: new sig 72 by 2E604D51 added to 2E604D51 pubmb02 [EMAIL PROTECTED]

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-02-04) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2007-02-04/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-01-21) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2007-01-21/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2007-01-07) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2007-01-07/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-06-11) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-06-11/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-05-28) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-05-28/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-05-14) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-05-14/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-04-30) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-04-30/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-04-16) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-04-16/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-03-19) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-03-19/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: URL returned error: 500 when sending key to server
On Mon, Mar 20, 2006 at 01:52:01AM +0100, Daniel Stöckner wrote:

I created a standard key-pair for my mail-address. When trying to send the key to one of the servers with:

gpg -v -v --keyserver subkeys.pgp.net --send-key my key-ID

I get the following message:

gpg: sending key my key-ID to hkp server subkeys.pgp.net
gpgkeys: HTTP post error 22: The requested URL returned error: 500

It is again and again reproducible.

195.113.19.83 (pks.gpg.cz) and 212.247.204.136 (party.nic.se) return this error for me, the other servers don't.

Does that mean Internal Server Error as with http? I don't know what to do about this or even if I can do anything about this. I haven't found any solution here or with google. Any hint greatly appreciated! Thanks in advance!

Hopefully the admins of these servers will check their logs and reply.

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-03-05) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-03-05/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-02-19) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
  http://keyserver.kjsl.com/~jharris/ka/2006-02-19/

Signatures are now being checked using keyanalyze+sigcheck:
  http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
  http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
  http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2006-01-08) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2006-01-08/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-12-25) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-12-25/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-12-11) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-12-11/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-10-30) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-10-30/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-10-16) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-10-16/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-10-02) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-10-02/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Fri, Sep 09, 2005 at 08:31:35AM -0400, David Shaw wrote: On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote: [I'll address your other points later.] If you insist on presenting a different view to users than the entire rest of the keyserver net, without any way to turn such a feature off, then I suggest that keyserver.kjsl.com be removed from the subkeys.pgp.net rotation. It will cause more confusion than benefit. I pointed out the potential for confusion before. But, now, I'm convinced the best solution _is_ to remove the GD sigs from non- GD keyservers. Also, subkeys.pgp.net is about _subkeys_. If you want gd-retention.pgp.net, go ahead and ask Piete to create it, then configure GPG to use it by default. As well, please give OpenPGP users more credit. They seem to be quite capable of comprehending the differences among keyservers. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
stripping GD sigs (was: Re: clean sigs)
On Thu, Sep 08, 2005 at 08:00:25PM -0400, David Shaw wrote: On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote: 3. Because now I was irritated, I did the same again with a different keyserver 'keyserver.kjsl.com' and I got a completely different result! When I fetched the key 08B0A90B, here it didn't have 47 sigs, but only 15 sigs (see below output2). There was only a double self sig, which 'clean' removed later. How can this be, if the keyservers are synchronized? Looks like they're not all that well synchronized :) Well, keyserver.ubuntu.com is still not participating in email syncs to non-SKS keyservers, but that's a different problem. keyserver.kjsl.com is now stripping all GD sigs. The extra variable in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively:

  /* 64-bit key ID of the GD key (short ID CA57AD7C) */
  static unsigned char gdkeyid[8] = {0x97, 0x10, 0xB8, 0x9B, 0xCA, 0x57, 0xAD, 0x7C};

  /* skip signatures issued by the GD key */
  if ((keyid.size == 8) && (keyid.offset == 0) && (memcmp (keyid.data, gdkeyid, 8) == 0)) {
    break;
  }

-- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote: On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: keyserver.kjsl.com is now stripping all GD sigs. The extra variable in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively: It's your keyserver, and you of course make the choices for what it carries, but for the record, I think this is a bad idea. Skipping the usual discussion about the GD (I don't think anyone will convince anyone else at this point), you do realize that this means you are making a decision to edit the web of trust for others based on your own personal criteria. I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. Not at all. Anyone who wants sigs from the GD should use that keyserver. They're still available from it, and, remember, expired sigs don't affect the WoT, so what's the point of the well-synchronized keyservers keeping GD sigs? -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-08-21) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-08-21/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
zero-length MPIs (was: Re: mpi error with check-trustdb in 1.4.2 - resolved)
On Thu, Aug 11, 2005 at 12:02:17PM -0400, Jason Harris wrote: On Wed, Aug 10, 2005 at 10:30:09PM -0500, John Clizbe wrote: Tracked down the two offending keys and deleted them with 1.4.1. They both failed to import from a keyserver with 1.4.2 with the same mpi error, so I'm marking it off to key cruft. Here are some more offending keys: 0xA0B3E88B 0xFC05DA69 0x0FCF6738 0xCC78C893 0x98FDE37C 0x74C9DE33 0x57023F00 - corrupt subkey Fetching them from keyserver.kjsl.com is now possible with gnupg-1.4.2. To patch pks, add this to the middle of decode_mpi() (in pgputil.c):

  /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
  if (mpi->nbits == 0) {
    return (0);
  }

-- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
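The zero-length MPI case from the message above, as an added example that is not pks or GnuPG code: a bounds-checked reader for the OpenPGP MPI encoding (two-octet big-endian bit count, then the value) that reports a zero bit count as its own error so the caller can drop the packet. All names and the sample byte strings are constructed for this illustration, and the leading-octet check is a strictness choice of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of parsing one MPI (2-byte big-endian bit count, then the value). */
enum mpi_status {
    MPI_OK = 0,
    MPI_TRUNCATED,     /* buffer ends before the header or the value does */
    MPI_ZERO_LENGTH,   /* declared bit count is 0: the case the post skips */
    MPI_BAD_BITCOUNT   /* leading octet does not match the declared bit count */
};

struct mpi_view {
    uint16_t nbits;       /* declared length in bits */
    const uint8_t *data;  /* first value octet, inside the caller's buffer */
    size_t nbytes;        /* (nbits + 7) / 8 */
};

/* Parse the MPI at buf[*off]; on success fill *out and advance *off. */
enum mpi_status mpi_parse(const uint8_t *buf, size_t len, size_t *off,
                          struct mpi_view *out)
{
    size_t pos = *off;

    if (pos > len || len - pos < 2)
        return MPI_TRUNCATED;
    uint16_t nbits = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    pos += 2;

    if (nbits == 0)
        return MPI_ZERO_LENGTH;

    size_t nbytes = ((size_t)nbits + 7) / 8;
    if (len - pos < nbytes)
        return MPI_TRUNCATED;

    /* Strictness chosen for this example: the highest set bit of the first
     * octet must sit exactly at position (nbits - 1) % 8. */
    unsigned top = (unsigned)(nbits - 1) % 8;
    if ((buf[pos] >> top) != 1)
        return MPI_BAD_BITCOUNT;

    out->nbits = nbits;
    out->data = buf + pos;
    out->nbytes = nbytes;
    *off = pos + nbytes;
    return MPI_OK;
}

/* Check that a packet body holds `expected` well-formed MPIs back to back.
 * Returns the first failure, so the caller can drop the whole packet. */
enum mpi_status packet_mpi_status(const uint8_t *buf, size_t len, int expected)
{
    size_t off = 0;
    struct mpi_view v;

    for (int i = 0; i < expected; i++) {
        enum mpi_status st = mpi_parse(buf, len, &off, &v);
        if (st != MPI_OK)
            return st;
    }
    return MPI_OK;
}

/* Constructed sample bodies (not taken from any real key). */
static const uint8_t SAMPLE_GOOD[]  = {0x00, 0x09, 0x01, 0xFF, 0x00, 0x02, 0x03};
static const uint8_t SAMPLE_ZERO[]  = {0x00, 0x00, 0x00, 0x02, 0x03};
static const uint8_t SAMPLE_SHORT[] = {0x00, 0x10, 0x80};
static const uint8_t SAMPLE_BITS[]  = {0x00, 0x08, 0x01};

int main(void)
{
    printf("good=%d zero=%d short=%d bits=%d\n",
           packet_mpi_status(SAMPLE_GOOD, sizeof SAMPLE_GOOD, 2),
           packet_mpi_status(SAMPLE_ZERO, sizeof SAMPLE_ZERO, 2),
           packet_mpi_status(SAMPLE_SHORT, sizeof SAMPLE_SHORT, 1),
           packet_mpi_status(SAMPLE_BITS, sizeof SAMPLE_BITS, 1));
    return 0;
}
```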
Re: SKS v. unknown HTTP headers (was: Re: IPv6 failover?)
On Thu, Aug 04, 2005 at 07:54:09AM -0400, David Shaw wrote: On Thu, Aug 04, 2005 at 12:24:27AM -0400, Jason Harris wrote: Thus, in reality, the Expect: 100-continue header appears to be confusing SKS (during POSTs). Hmm. No really good way to fix that in GPG or curl since they can't detect that a server is 1.0 without doing a GET first. Curl, if I Disregard that. It isn't the Expect: header, it was the [s]scanf. This patch fixes it: diff -u -r1.5 dbserver.ml --- dbserver.ml +++ dbserver.ml @@ -415,8 +415,9 @@ let request = Wserver.strip request in match request with /pks/add - - let keytext = Scanf.sscanf body keytext=%s (fun s - s) in + let keytext = Scanf.sscanf body keytext%s (fun s - s) in let keytext = Wserver.decode keytext in + let keytext = Str.string_after keytext 1 in let keys = Armor.decode_pubkey keytext in plerror 3 Handling /pks/add for %d keys (List.length keys); -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
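Review bot: The added line "let keytext = Str.string_after keytext 1 in" drops the first decoded character without checking what it is. With the scan format relaxed from keytext=%s to keytext%s, any body that merely starts with keytext now passes the scan, whatever follows, and a body with nothing after keytext leaves Str.string_after an empty string to index into. Suggest checking that the decoded string is non-empty and begins with = before stripping it, rejecting the request otherwise, and adding a comment in the /pks/add branch that says which client encoding the relaxed format is meant to accept.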
Re: [Announce] GnuPG 1.4.2 released
On Sat, Jul 30, 2005 at 09:28:28PM -0400, David Shaw wrote: On Sat, Jul 30, 2005 at 02:20:35PM -0400, Jason Harris wrote: Thought you'd get a kick out of that... :) Note that in the next release of GnuPG, --with-libcurl will be the default. (So the more people who try it now, and report back any problems, the better). Here's one, on a box with IPv6 support but not connectivity:

  %gpg --keyserver keyserver.linux.it --send 0xd39da0e3
  gpg: sending key D39DA0E3 to hkp server keyserver.linux.it
  gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add'
  gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host

-- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
Re: IPv6 failover?
On Wed, Aug 03, 2005 at 07:25:41PM -0400, David Shaw wrote: The thing is, if you have a --with-libcurl build, this failover would need to happen within curl itself. What happens if you do: curl http://keyserver.linux.it:11371/pks/add on the command line. Obviously it won't do anything keyserver-wise, but does it manage to connect? It does:

  %curl -v http://keyserver.linux.it:11371/pks/add
  * About to connect() to keyserver.linux.it port 11371
  * Trying 2001:1418:13:10::1... Failed to connect to 2001:1418:13:10::1: No route to host
  * Undefined error: 0
  * Trying 62.94.26.10... connected
  * Connected to keyserver.linux.it (62.94.26.10) port 11371
  [snip]

Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html , this might do the trick: curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); if any connection, which always seems to prefer IPv6, doesn't at first succeed. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
SKS v. unknown HTTP headers (was: Re: IPv6 failover?)
On Wed, Aug 03, 2005 at 08:44:18PM -0400, David Shaw wrote: On Wed, Aug 03, 2005 at 08:18:35PM -0400, Jason Harris wrote: Looking at http://curl.haxx.se/libcurl/c/curl_easy_setopt.html , this might do the trick: curl_easy_setopt (..., CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); if any connection, which always seems to prefer IPv6, doesn't at first succeed. I'm not sure. CURL_IPRESOLVE_V4 is documented to force the connection to IPv4. That is, it'll ignore IPv6 addresses altogether, rather than try to connect and then fail over within curl. What happens if you add a -4 to the command line above? That sets CURL_IPRESOLVE_V4. (That works fine, of course.) Also, going back to the original problem, can you send me the output when you try fetching a key with --keyserver-options debug set? OK, with --recv I see it falls back from v6 to v4, which is good, but it fails with --send:

  %gpg --keyserver-options debug --keyserver keyserver.linux.it --send ...
  gpg: sending key ... to hkp server keyserver.linux.it
  Host: keyserver.linux.it
  Command:SEND
  gpgkeys: HTTP URL is `http://keyserver.linux.it:11371/pks/add'
  * About to connect() to keyserver.linux.it port 11371
  * Trying 2001:1418:13:10::1...
  * Failed to connect to 2001:1418:13:10::1: No route to host
  * Undefined error: 0
  * Trying 62.94.26.10...
  * connected
  * Connected to keyserver.linux.it (62.94.26.10) port 11371
  POST /pks/add HTTP/1.1
  Host: keyserver.linux.it:11371
  Accept: */*
  Content-Length: 2246
  Content-Type: application/x-www-form-urlencoded
  Expect: 100-continue
  HTTP/1.1 100 Continue
  * The requested URL returned error: 500
  * Closing connection #0
  gpgkeys: HTTP post error 22: Failed to connect to 2001:1418:13:10::1: No route to host

However, this seems to be specific to SKS. My SKS log reports:

  2005-08-04 ... ... Error handling request (POST,/pks/add,[+accept:*/*+content-length:2246+content-type:application/x-www-form-urlencoded+expect:100-continue+host:skylane.kjsl.com:21371]): Scanf.Scan_failure(scanf: bad input at char number 8: looking for =, found %)

so the connection is being made (in this case via IPv4; skylane also has an record). Moreover, the error messages from curl are confusing this issue. Thus, in reality, the Expect: 100-continue header appears to be confusing SKS (during POSTs). -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
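The log entry above shows the scanner meeting '%' where it expected the '=' after keytext. As an added example (not SKS code and not from this thread), the C below extracts a field from an application/x-www-form-urlencoded body and reports that situation as a distinct parse error instead of an unhandled failure. It assumes the '%' began a percent-encoded '=' (%3D), which the log does not show; form_get, pct_decode, keytext_status and the sample bodies are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum form_status {
    FORM_OK = 0,
    FORM_NOT_FOUND,          /* no pair with that name */
    FORM_NO_SEPARATOR,       /* name present, nothing after it */
    FORM_ENCODED_SEPARATOR,  /* name followed by %3D instead of '=' */
    FORM_BAD_ESCAPE,         /* '%' not followed by two hex digits */
    FORM_TOO_LONG            /* decoded value does not fit the output buffer */
};

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src[0..n) into dst (cap bytes including the NUL). */
static enum form_status pct_decode(const char *src, size_t n,
                                   char *dst, size_t cap)
{
    size_t o = 0;

    if (cap == 0)
        return FORM_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        char c = src[i];
        if (c == '%') {
            if (n - i < 3)
                return FORM_BAD_ESCAPE;
            int hi = hexval(src[i + 1]), lo = hexval(src[i + 2]);
            if (hi < 0 || lo < 0)
                return FORM_BAD_ESCAPE;
            c = (char)(hi * 16 + lo);
            i += 2;
        } else if (c == '+') {
            c = ' ';
        }
        if (o + 1 >= cap)
            return FORM_TOO_LONG;
        dst[o++] = c;
    }
    dst[o] = '\0';
    return FORM_OK;
}

/* Find `name` among the '&'-separated pairs of body and decode its value.
 * The pair is split on the literal '=' before any decoding takes place. */
enum form_status form_get(const char *body, const char *name,
                          char *out, size_t cap)
{
    size_t nlen = strlen(name);
    const char *p = body;

    while (*p) {
        const char *end = strchr(p, '&');
        if (!end)
            end = p + strlen(p);
        size_t plen = (size_t)(end - p);

        if (plen >= nlen && memcmp(p, name, nlen) == 0) {
            if (plen > nlen && p[nlen] == '=')
                return pct_decode(p + nlen + 1, plen - nlen - 1, out, cap);
            if (plen >= nlen + 3 && p[nlen] == '%' && p[nlen + 1] == '3' &&
                (p[nlen + 2] == 'D' || p[nlen + 2] == 'd'))
                return FORM_ENCODED_SEPARATOR;
            if (plen == nlen)
                return FORM_NO_SEPARATOR;
        }
        p = *end ? end + 1 : end;
    }
    return FORM_NOT_FOUND;
}

/* Constructed request bodies for the demonstration. */
static const char BODY_OK[]         = "options=mr&keytext=-----BEGIN%20PGP%0A";
static const char BODY_ENCODED_EQ[] = "keytext%3D-----BEGIN%20PGP%0A";
static const char BODY_BAD_ESC[]    = "keytext=ab%2";

static char demo_out[128];

/* Status for the keytext field; the decoded value is left in demo_out. */
enum form_status keytext_status(const char *body)
{
    return form_get(body, "keytext", demo_out, sizeof demo_out);
}

int main(void)
{
    printf("ok=%d encoded_eq=%d bad_escape=%d\n", keytext_status(BODY_OK),
           keytext_status(BODY_ENCODED_EQ), keytext_status(BODY_BAD_ESC));
    return 0;
}
```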
Re: [Announce] GnuPG 1.4.2 released
On Wed, Jul 27, 2005 at 09:53:27AM +0200, Werner Koch wrote: We are pleased to announce the availability of a new stable GnuPG release: Version 1.4.2 What's New === * New experimental HKP keyserver helper that uses the cURL library. It is enabled via the configure option --with-libcurl like the other (also experimental) cURL helpers. Please make sure to also apply the attached patch. When enabled (./configure --with-libcurl=DIR), connections to hkp://keyserver.kjsl.com will be persistent/reused and pipelined (as defined in RFC 2616). Enjoy (responsibly)! -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-07-24) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-07-24/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-07-10) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-07-10/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-06-26) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-06-26/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
Re: Unsynchronized public and secret key uids
On Sat, Jun 04, 2005 at 09:48:13PM -0400, Kyle McMartin wrote: Unfortunately, I lost my primary .gnupg directory. I restored my .gnupg from a backup, but it was not particularly recent. As such, my public key has a bunch of extra uids that my secret key does not. I'd just go and delete and re-add them, but I'm concerned this would get rid of signatures on my public keys uid. And I really would prefer to not lose those, or add even more redundant uids. On keyserver.kjsl.com, your @achilles.net userid is revoked (on 0x191FCD8A). (Re-)adding it to your secret key would generate a new selfsig that would supersede the revocation, so be careful if you do that to re-revoke it. Otherwise, recreate the userids exactly as they were before and all the old sigs will transfer to them. You already have a lot of selfsigs on your userids (which will also come back when you refresh your key from a keyserver), and recreating and re-signing the userids will add another selfsig to each, but (unless you can do surgery on secring.gpg) that can't be helped now. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
Re: Keyserver
On Fri, May 13, 2005 at 09:28:33PM +0200, Bjoern Buerger wrote: * Francis Gulotta ([EMAIL PROTECTED]) [050513 21:10]: It uses random.sks.keyservcer.penguine.de by default. A random keyserver selection seems like the best idea for me (unless you need to hit one specifically) I can't read German but I'd think this one directs you to a random keyserver. Does anyone know? You are right. random.sks.keyservcer.penguine.de contains all green (available) hosts from the sks keyserver map: http://sks.keyserver.penguin.de/graphs/sks_network_today.png You will get one of ~ 15-20 Servers. All of them should be running (checked twice a day) All of them are subkey safe. Unfortunately, http://213.133.99.198:11371/pks/lookup?op=stats shows linux-geeks.de is currently unsynchronized (missing ~5000 keys). Also, http://67.66.94.243:11371/pks/lookup?op=stats shows dannyj.dynip.com hasn't synchronized for even longer (missing ~25000 keys). (Fortunately, submitting keys/updates to either of these two servers will email them to keyserver.kjsl.com (also subkey safe), which will propagate them to the rest of the keyserver network (without photos).) -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
new (2005-05-01) keyanalyze results (+sigcheck)
New keyanalyze results are available at: http://keyserver.kjsl.com/~jharris/ka/2005-05-01/ Signatures are now being checked using keyanalyze+sigcheck: http://dtype.org/~aaronl/ Earlier reports are also available, for comparison: http://keyserver.kjsl.com/~jharris/ka/ Even earlier monthly reports are at: http://dtype.org/keyanalyze/ SHA-1 hashes and sizes for all the permanent files: -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004
Re: importing large keyring
On Wed, Apr 20, 2005 at 02:17:31PM +0200, Sascha Silbe wrote:
> Recently (somewhere around the update from gnupg 1.2.x to 1.4.x) my keyring got corrupted:
>
> [EMAIL PROTECTED]:~$ gpg --export > /dev/null
> gpg: buffer shorter than subpacket
> gpg: signature packet without timestamp
> gpg: buffer shorter than subpacket
> gpg: signature packet without keyid
> gpg: buffer shorter than subpacket
> [...]

I've also seen similar corruption recently (with GPG 1.4.1):

%gpg --keyserver hkp://keyserver.sascha.silbe.org --recv CA57AD7C
Host: keyserver.sascha.silbe.org
Command: GET
gpgkeys: HTTP URL is `hkp://keyserver.sascha.silbe.org/pks/lookup?op=get&options=mr&search=0xCA57AD7C'
gpg: buffer shorter than subpacket
gpg: buffer shorter than subpacket
gpg: signature packet without keyid
gpg: buffer shorter than subpacket
gpg: signature packet without timestamp
gpg: key CA57AD7C: accepted non self-signed user ID [jpeg image of size 3400]
gpg: key CA57AD7C: accepted non self-signed user ID [jpeg image of size 3400]
gpg: key CA57AD7C: accepted non self-signed user ID [jpeg image of size 3400]
gpg: buffer shorter than subpacket
gpg: buffer shorter than subpacket
gpg: signature packet without keyid
gpg: buffer shorter than subpacket
[snip]

$gpg -k CA57AD7C
gpg: buffer shorter than subpacket
gpg: buffer shorter than subpacket
gpg: signature packet without keyid
gpg: buffer shorter than subpacket
pub 2048R/CA57AD7C 2004-12-06
uid PGP Global Directory Verification Key
uid [jpeg image of size 3400]
uid [jpeg image of size 3400]
uid [jpeg image of size 3400]
uid [jpeg image of size 3400]

%gpg --export CA57AD7C > /dev/null
gpg: buffer shorter than subpacket
gpg: buffer shorter than subpacket
gpg: signature packet without keyid
gpg: buffer shorter than subpacket

NB: I set allow-non-selfsigned-uid in ~/.gnupg/options, but you probably don't, and we're seeing most of the same errors.

> However, most of the keys are still OK, so I'd like to use the output of gpg --export to re-create the keyring.
> The keyring is rather large (70MB) and after importing several thousand keys gpg uses more memory than is available as physical RAM, so it's continuously swapping. After 2 days without significant progress I've aborted the import.

(Out of curiosity, what do you plan to have GPG do with the keys once they're imported?)

I often work with keys dumped straight from pks without doing a gpg --import on them. You should be able to do the same with SKS.

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
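The three gpg diagnostics quoted in this message all concern a signature's subpacket areas. As an added example (not code from the thread or from GnuPG), the sketch below walks a hashed and an unhashed area using the RFC 2440 section 5.2.3.1 length encoding and reports the same conditions; the function names, the sample bytes and the mapping of each check to a message string are assumptions of the example.

```python
import struct

TRUNCATED = "buffer shorter than subpacket"

def read_length(area, i):
    """Decode one subpacket length (RFC 2440 section 5.2.3.1) starting at area[i]."""
    first = area[i]
    if first < 192:                          # one-octet length
        return first, i + 1
    width = 2 if first < 255 else 5          # two- or five-octet length
    if i + width > len(area):
        raise ValueError(TRUNCATED)
    if width == 2:
        return ((first - 192) << 8) + area[i + 1] + 192, i + 2
    return struct.unpack(">I", area[i + 1:i + 5])[0], i + 5

def walk(area):
    """Return ([(type, critical, body), ...], error) for one subpacket area.
    Subpackets parsed before a malformed one are kept."""
    found, i = [], 0
    while i < len(area):
        try:
            length, i = read_length(area, i)
        except ValueError as exc:
            return found, str(exc)
        # The length counts the type octet, so 0 is treated as malformed here.
        if length == 0 or i + length > len(area):
            return found, TRUNCATED
        found.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]))
        i += length
    return found, None

def check(hashed, unhashed):
    """List the problems a reader would report for one signature's two areas."""
    hashed_subs, err_h = walk(hashed)
    unhashed_subs, err_u = walk(unhashed)
    problems = [e for e in (err_h, err_u) if e]
    # Type 2 = signature creation time (expected in the hashed area).
    if not any(t == 2 and len(body) == 4 for t, _, body in hashed_subs):
        problems.append("signature packet without timestamp")
    # Type 16 = issuer key ID (accepted from either area).
    if not any(t == 16 and len(body) == 8 for t, _, body in hashed_subs + unhashed_subs):
        problems.append("signature packet without keyid")
    return problems

# Constructed sample areas (not taken from the keyring in the thread).
CREATED = bytes([5, 2]) + struct.pack(">I", 1113999451)      # type 2, 4-byte time
ISSUER = bytes([9, 16]) + bytes.fromhex("0102030405060708")  # type 16, 8-byte key ID
GOOD = (CREATED, ISSUER)
CUT_ISSUER = (CREATED, ISSUER[:5])     # length octet says 9, only 4 octets follow
CUT_BOTH = (CREATED[:3], ISSUER[:5])   # both areas cut short

if __name__ == "__main__":
    for name, areas in (("good", GOOD), ("cut issuer", CUT_ISSUER), ("cut both", CUT_BOTH)):
        print(name, check(*areas))
```

A truncated area produces the "buffer shorter" line and, because the wanted subpacket is never reached, the matching "without keyid" or "without timestamp" line as well, which is the pairing visible in the output above.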
new (2005-04-17) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2005-04-17/

Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
new (2005-04-03) keyanalyze results (+sigcheck)
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2005-04-03/

Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/

Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/

Even earlier monthly reports are at:
http://dtype.org/keyanalyze/

SHA-1 hashes and sizes for all the permanent files:

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
Re: Retaining expired sigs
On Sat, Mar 19, 2005 at 01:24:13AM -0500, David Shaw wrote:
> On Sat, Mar 19, 2005 at 12:22:54AM -0500, Jason Harris wrote:
> > c) Always keep the latest (valid) signature from a given issuer, even if it has expired.
>
> Remember that the original thing that spawned this thread was the desire to keep expired signatures from clogging keys. In the case where the latest signature is expired, you don't need to keep *any* signatures. Using your desired semantics (superceding), the most

That is not very defensive. If an unsynchronized keyserver is used, an old copy of the key with only the unsuperceded sig(s) can be returned. Why open yourself to essentially a replay attack when you've already seen and can easily save certain strategic signatures from each issuer?

Also, my desired semantics require keeping non-revocable sigs. (See below.)

> > Per draft-ietf-openpgp-rfc2440bis-12.txt, section 5.2.3.3, I think the intent is clear that an expired selfsig on a userid is the same as a revoked selfsig on a userid. There is no reason for this not to apply to non-selfsigs as well.
>
> Keep reading to the end of 5.2.3.3. The draft, in fact, intentionally does not answer the question of multiple self-sigs. There is some advice about interpreting selfsigs as narrowly as possible, and biasing towards more recent, but "An implementation that encounters multiple self-signatures on the same object may resolve the ambiguity in any way it sees fit" means pretty much what it says. I'm not averse to changing the code to implement superceding, but I don't think you can (or really need to) rationalize it from 2440bis.

...

> > I think it is understood that pubkeys and subkeys cannot be unrevoked after being revoked and non-revocable signatures cannot be revoked after being created, but otherwise anything can be superceded.
>
> Remember that OpenPGP does not really specify validity semantics. Unfortunately (or fortunately depending on how you look at it), some semantics have crept into what is supposedly just a message format document. In fact, this is another grey area: subkeys can theoretically be unrevoked by issuing a new binding signature, just like user IDs can. GnuPG doesn't do this for simplicity, but that's an implementation choice, and not specified (either way) in the standard.

Another quote from the document is in order, then:

    This document is maintained in order to publish all necessary information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws.

I maintain that it misses its stated goals of leading to interoperable applications and avoiding security flaws insofar as it leaves the subjects of expired and superceded signatures untreated.

> > The RFC fails to directly address the issue of a non-revocable sig. being superceded by a revocable one which is then revoked, however. In the strictest sense, non-revocable sigs cannot be undone, period, by any mechanism. This is certainly needed when a selfsig specifies a designated revoker, but I think it is good to treat all other non-revocable sigs as backups or fallbacks that can be superceded temporarily but always return as standing orders until superceded again. If this is not (to be) the case, then non-revocable sigs should really be called non-modifiable sigs.
>
> Grey area again. I happen to agree with part of what you say (non-revocable sigs can be superceded), but this is not specified in the standard anywhere.

OK.

> Dragging the conversation out of the standard and into implementation details for a moment, I'm rather inclined to change the expired-sigs trimming code to implement the change (d) from above. It's consistent and safe from signature resurrection problems.

[moved from above]

> d) When stripping a signature, strip all earlier signatures from that particular issuer.

This will be safe iff the last (valid) sig. from a given issuer supercedes all previous sigs from that issuer, and, if expired, expires all previous sigs from that issuer, and, if a revocation signature, revokes all previous (even non-revocable) sigs from that issuer.

(NB: Clearly, I don't think that last requirement can be met given even the most liberal interpretation of draft-ietf-openpgp-rfc2440bis-12.txt. Without meeting all these requirements, you have to at least keep the non-revocable sigs too.)

Unless non-revocable userid cert. sigs are undone when newer revocable and/or expirable sigs that supercede them are undone (which neither of us agree with, correct?), you should keep the non-revocable sigs so they will take effect again
Re: Retaining expired sigs
On Sat, Mar 19, 2005 at 02:26:07PM -0500, David Shaw wrote:
> I agree. It's not just expired and superceded signatures. There are a good number of other semantic questions that are not covered in 2440 or 2440bis. For example, the so-called PGP trust model is not covered anywhere. This is historical: the original plan for the IETF group was that there would be multiple specifications (a message format document, a trust model document, etc). Unfortunately, only the message format document was written, and it became 2440.

That explains a lot. Thanks.

> about the same thing. Given this case:
>
>   non-revocable sig  1-Jan-2000
>   revocable sig      2-Jan-2000
>   revocation         3-Jan-2000
>
> One way of looking at this is the end result is nothing. That is, the revocable sig of 2-Jan-2000 has superceded the non-revocable sig of 1-Jan-2000, and then the revocation has revoked the sig of 2-Jan-2000. There are no valid sigs left, and all three can be disregarded.

This would be letting the non-revocable sig. be indirectly revoked, which I don't believe anyone is advocating.

> Another way of looking at this is that the revocable sig of 2-Jan-2000 has not superceded the non-revocable sig of 1-Jan-2000. The revocation of 3-Jan-2000 has revoked the sig of 2-Jan-2000, which leaves the non-revocable sig of 1-Jan-2000 as valid and usable.

This is what I am advocating.

> Now try this case:
>
>   non-revocable sig  1-Jan-2000
>   expired sig        2-Jan-2000 (expired 3-Jan-2000)
>
> One answer here is that the expired sig of 2-Jan-2000 has superceded the nonrevocable sig of 1-Jan-2000. The end result is nothing and both sigs can be discarded. Another answer is that 2-Jan-2000 has expired, which leaves the sig of 1-Jan-2000 as valid and usable. What are you arguing for?

The sig. of 1-Jan-2000 is valid and usable. It can only be ignored when superceded. Also, if multiple non-revocable sigs. exist, the latest (valid) one supercedes all others, which can be safely removed.

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
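The two readings laid out for the cases in this message, and the trimming options (c) and (d) argued over in the other "Retaining expired sigs" messages, can be compared directly. This is an added example, not code from GnuPG or from the participants: `Sig`, `effective`, `trim` and `after_stale_refresh` are hypothetical names, the model covers one issuer's signatures on one user ID, and the `REISSUED` key is constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Sig:
    """One issuer's signature on one user ID (constructed model, not a packet)."""
    kind: str                        # "cert" or "revocation" (untargeted 0x30)
    created: date
    revocable: bool = True
    expires: Optional[date] = None

    def expired(self, now: date) -> bool:
        return self.expires is not None and self.expires <= now

def effective(sigs, now, reading):
    """Certification in force, or None.
    "series": only the newest signature counts, so an expired or revoking
    newest signature leaves nothing. "standalone": each signature is judged
    on its own, so a non-revocable one survives later revocations."""
    ordered = sorted(sigs, key=lambda s: s.created)
    if reading == "series":
        last = ordered[-1] if ordered else None
        ok = last is not None and last.kind == "cert" and not last.expired(now)
        return last if ok else None
    revoked_at = [s.created for s in ordered if s.kind == "revocation"]
    live = [s for s in ordered
            if s.kind == "cert" and not s.expired(now)
            and (not s.revocable or all(s.created > r for r in revoked_at))]
    return live[-1] if live else None

def trim(sigs, now, policy):
    """Local cleanup policies discussed in the thread."""
    ordered = sorted(sigs, key=lambda s: s.created)
    expired = [s for s in ordered if s.expired(now)]
    if policy == "drop_expired":     # strip expired signatures only
        return [s for s in ordered if s not in expired]
    if policy == "d":                # also strip everything older than a stripped sig
        cutoff = max((s.created for s in expired), default=date.min)
        return [s for s in ordered if s.created > cutoff]
    if policy == "c":                # keep the newest sig even if expired, plus non-revocable ones
        return [s for s in ordered if s is ordered[-1] or not s.revocable]
    raise ValueError(policy)

def after_stale_refresh(full, now, policy, reading="series"):
    """Trim locally, then merge an old server copy holding only the first sig."""
    stale_copy = sorted(full, key=lambda s: s.created)[:1]
    return effective(set(trim(full, now, policy)) | set(stale_copy), now, reading)

NOW = date(2005, 3, 19)
SIG1 = Sig("cert", date(2000, 1, 1), revocable=False)
CASE1 = [SIG1, Sig("cert", date(2000, 1, 2)), Sig("revocation", date(2000, 1, 3))]
CASE2 = [SIG1, Sig("cert", date(2000, 1, 2), expires=date(2000, 1, 3))]
# Constructed: revocable sig without expiry, re-issued later with an expiry.
OLD = Sig("cert", date(2000, 1, 1))
REISSUED = [OLD, Sig("cert", date(2000, 1, 2), expires=date(2000, 1, 3))]

if __name__ == "__main__":
    for reading in ("series", "standalone"):
        print(reading, effective(CASE1, NOW, reading), effective(CASE2, NOW, reading))
    for policy in ("drop_expired", "d", "c"):
        print(policy, after_stale_refresh(REISSUED, NOW, policy))
```

For the constructed key, under the series reading only policy (c) gives the same answer after a refresh from a stale server as the untrimmed key does; the other two let the older signature come back on its own.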
Re: Retaining expired sigs
On Fri, Mar 18, 2005 at 02:37:33PM -0500, David Shaw wrote:
> On Fri, Mar 18, 2005 at 02:06:46PM -0500, Jason Harris wrote:
> > My point is that once GPG sees a newer signature that overrides an older one, it can safely remove the older one, in all cases, in the interest of keeping keys clean. (Of course, the newest sig. should be valid, and the older sigs should be checked for validity as well, lest we run into a long keyid collision.)
>
> I don't disagree with this. It's not unreasonable to remove them, but it doesn't happen that way today. The problem at hand was expired sigs, so that is what I addressed. Removing superceded signatures, however, re-raises the semantic questions I asked in my last mail. What algorithm runs first: the remove superceded or remove expired? Depending on which runs first, you can get a different result.

Indeed, which is why the correct answer is:

c) Always keep the latest (valid) signature from a given issuer, even if it has expired.

Sigs (esp. revocations) with targets should always be kept, too, lest their targets resurface alone and therefore unmodified.

> > > It gets messy very fast: if I sign a key with no expiration, then sign it again with an expiration, then the second signature expires - is my original signature still valid? Maybe I actually revoked the first
> >
> > By your own explanation above, no.
>
> But should it be? My point is not to say that such-and-such is the answer. My point is to say that it is not at all clear what the answer should be. I may take some time this weekend and run a few test cases against other OpenPGP implementations to see what they do.

Hopefully they will behave as I describe above.

> > Therein lies the problem: GPG, by removing expired signatures (at all), is removing history. As you point out, this can lead to problems when the expired signatures are no longer available to supercede earlier, unexpired signatures.
>
> Only if the right behavior is that expired signatures *should* supercede earlier, unexpired signatures.

Per draft-ietf-openpgp-rfc2440bis-12.txt, section 5.2.3.3, I think the intent is clear that an expired selfsig on a userid is the same as a revoked selfsig on a userid. There is no reason for this not to apply to non-selfsigs as well.

Section "0x30: Certification revocation signature" mentions (non-targetted) 0x30 revocations as applying to an earlier sig. It also says: "The signature should have a later creation date than the signature it revokes." I believe it is generally understood that all earlier sigs are affected by non-targetted 0x30 sigs.

Section 5.2.3.12 (non-revocable flag/subpacket) is very specific that no revocations apply to non-revocable signatures. However, it mentions nothing of non-revocable sigs being superceded.

(Gah! "key holder" and "keyholder" are both used in the draft.)

> If the answer is that expired signatures should supercede, then the current implementation of the expired sigs filter is insufficient - it needs to remove the earlier sigs as well to avoid re-awakening an old

Actually, GPG needs to retain the latest valid sig., even if it has expired, so that it will be around to take precedence over older sigs.

> signature. If the answer is that expired signatures should not supercede, then the current implementation is correct. Which do you favor (and why)? Does every sig stand alone, or can sigs only be interpreted in terms of a series?
>
> I vaguely lean towards the idea that expired signatures should not supercede earlier unexpired signatures (the sigs stand alone answer), but only vaguely. I find the simplicity of it attractive. Interpreting sigs in a series raises a number of dangerous problems, like what happens when a sig is unrevoked by an attacker by removing packets from the key.

I think it is understood that pubkeys and subkeys cannot be unrevoked after being revoked and non-revocable signatures cannot be revoked after being created, but otherwise anything can be superceded.

The RFC fails to directly address the issue of a non-revocable sig. being superceded by a revocable one which is then revoked, however. In the strictest sense, non-revocable sigs cannot be undone, period, by any mechanism. This is certainly needed when a selfsig specifies a designated revoker, but I think it is good to treat all other non-revocable sigs as backups or fallbacks that can be superceded temporarily but always return as standing orders until superceded again. If this is not (to be) the case, then non-revocable sigs should really be called non-modifiable sigs.

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004