In <199906302254(_dot_)AAA12836(_at_)tik2(_dot_)ethz(_dot_)ch>, on 07/01/99
at 12:54 AM, Marcel Waldvogel <mwa(_at_)tik(_dot_)ee(_dot_)ethz(_dot_)ch>
said:
William,
this was said thinking about duplicate signatures or revocation
certificates or other stuff:
- Many key owners seem to revoke their keys more than once, so many
keys on different servers have different revocation certificates.
(Importing Peter Wan's keyring into my database gives some hundred of
these).
- Many users sign the same UserID more than once. The current pksd
prunes them to all but one. Currently, pksd does this by taking the one
with the newest time stamp. Other keyservers may have a different
policy.
- If keyservers are put into place which really check the validity of the
revocations/signatures before either adding them or allowing them to
replace other revocations or signatures, there may be even more
differences.
Unless all keyservers follow exactly the same policies and these policies
do not depend on the order in which the PGP packets are received, the
number of unresolved or unresolvable differences will increase. And I am
not really sure which policy is the "right" one.
I was not aware that this was going on but it is something that, IMHO,
*must* be addressed. This issue not only affects the key servers but also
the users' keyrings. I don't like the idea of the servers making these
types of determinations if they are not doing any verification of the
signatures. It opens up a DOS attack on a key by replacing the self
signature with an invalid signature of a newer date. To be honest I don't
like the idea of the public servers removing anything from an existing
key. It opens up problems that the servers are not in a position to
address.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
---------------------------------------------------------------
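
An added example, not part of the message above and not pksd's code: a toy model of the newest-timestamp pruning policy discussed in this thread, run with and without verification, showing how an unverified signature with a later date takes the slot of a genuine self-signature. The `Sig` record, the key ID, the HMAC stand-in for OpenPGP signature verification and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed toy model: an HMAC under a per-signer secret stands in for an
# OpenPGP signature so this runs offline; a real server would verify the
# public-key signature in the packet instead.
KEYS = {"0xA11CE": b"constructed-signer-secret"}

@dataclass(frozen=True)
class Sig:
    signer: str    # issuer key ID
    user_id: str   # User ID the signature certifies
    created: int   # creation timestamp claimed inside the packet
    value: bytes   # stand-in for the signature bytes

def _mac(signer, user_id, created):
    msg = f"{signer}|{user_id}|{created}".encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).digest()

def sign(signer, user_id, created):
    return Sig(signer, user_id, created, _mac(signer, user_id, created))

def is_valid(sig):
    return sig.signer in KEYS and hmac.compare_digest(
        sig.value, _mac(sig.signer, sig.user_id, sig.created))

def prune_newest(sigs):
    """Keep one signature per (signer, User ID): the newest timestamp, unverified."""
    kept = {}
    for s in sigs:
        slot = (s.signer, s.user_id)
        if slot not in kept or s.created > kept[slot].created:
            kept[slot] = s
    return set(kept.values())

def prune_newest_verified(sigs):
    """Same pruning, but only signatures that verify may compete for the slot."""
    return prune_newest(s for s in sigs if is_valid(s))

# Constructed sample: a genuine self-signature and an invalid one with a later date.
GENUINE = sign("0xA11CE", "Alice <alice@example.org>", 930_000_000)
BOGUS = Sig("0xA11CE", "Alice <alice@example.org>", 930_100_000, b"\x00" * 32)

if __name__ == "__main__":
    print("unverified:", [is_valid(s) for s in prune_newest([GENUINE, BOGUS])])
    print("verified:  ", [is_valid(s) for s in prune_newest_verified([BOGUS, GENUINE])])
```

With verification before pruning, the result is also the same regardless of the order in which the two packets arrive.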