[Top] [All Lists]

Re: PGP Keyserver Synchronization Protocol

1999-07-01 10:30:45
In <199906302254(_dot_)AAA12836(_at_)tik2(_dot_)ethz(_dot_)ch>, on 07/01/99 
   at 12:54 AM, Marcel Waldvogel <mwa(_at_)tik(_dot_)ee(_dot_)ethz(_dot_)ch> 


this was said thinking about duplicate signatures or revocation
certificates or other stuff:

- Many key owners seem to revoke their keys more than once, so many
 keys on different servers have different revocation certificates.
 (Importing Peter Wan's keyring into my database gives some hundred of
- Many users sign the same UserID more than once. The current pksd
 prunes them to all but one. Currently, pksd does this by taking the one
 with the newest time stamp. Other keyservers may have a different
policy. - If keyservers are put into place which really check the
validity of the
 revocations/signatures before either adding them or allowing them to
 replace other revocations or signatures, there may be even more

Unless all keyservers follow exactly the same policies and these policies
do not depend on the order in which the PGP packets are received, the
number of unresolved or unresolvable differences will increase. And I am
not really sure which policy is the "right" one.

I was not aware that this was going on but it is something that, IMHO,
*must* be addressed. This issue not only affects the key servers but also
the users keyrings. I don't like the idea of the servers making these
types of determinations if they are not doing any verification of the
signatures. It opens up a DOS attack on a key by replacing the self
signature with an invalid signature of a newer date. To be honest I don't
like the idea of the public servers removing anything from an existing
key. It opens up problems that the servers are not in a position to

William H. Geiger III
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at:
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)

<Prev in Thread] Current Thread [Next in Thread>