On 05/15/2009 03:36 PM, David Shaw wrote:
On May 15, 2009, at 10:09 AM, Daniel Kahn Gillmor wrote:
Has anyone tested this? do you forsee any problems should such a
pair
of keys be injected into the SKS pool?
This is not exactly common, but there are a few keys like this
stored in
SKS already. See keys 3D7D41E3 and D9F57808 for an example.
I see. 3D7D41E3 and its subkey 1E88BF71 are also subkeys of D9F57808.
But while the keyservers report [0] that 1E88BF71 has a still-valid
subkey binding signature against D9F57808, gpg seems to ignore that
subkey-binding signature:
0 address@hidden:~$ gpg --fixed-list-mode --with-colons --check-sigs --list-
options show-unusable-subkeys D9F57808 | awk '/^sub:.*1E88BF71:/
{ FOUND=1; } { if (FOUND) { print $0 } }'
sub:e:2048:16:6C6EEE7A1E88BF71:1065237572:1138176749:::::e:
sig:!::1:B88D52E4D9F57808:1084349549::::Atom Smasher
<address@hidden>:18x:
0 address@hidden:~$
Do you think this a problem with gpg, a problem with SKS, or
a problem with this particular signature? Is it possible that this
subkey-binding signature has been somehow misapplied because 1E88BF71
is a subkey of two different primary keys?
Or is it some other problem entirely?