
[Sks-devel] sks should not allow id cert packets after a subkey


From: Daniel Kahn Gillmor
Subject: [Sks-devel] sks should not allow id cert packets after a subkey
Date: Mon, 30 Jul 2012 18:32:17 -0400
User-agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.5) Gecko/20120624 Icedove/10.0.5

Clint Adams just reported:

http://bugs.debian.org/683328

----------------
This key is buggy:

http://keys.mayfirst.org/pks/lookup?op=get&search=0xED34CEABE27BAABC


Note the 0x10 and 0x13 signatures on the 4096-bit subkey; these
should not be there.

Please check the signature types and only allow signature types 0x18
and 0x28 on subkeys.  (At the very least, 0x10 through 0x13 should
be discarded).
----------------

I think his analysis is correct, although:

 0) i don't have a patch to propose, and

 1) i'm not sure how to deploy such a fix across the whole keyserver
network, since it looks to me like it would effectively appear as a
"filter" change.

any thoughts on how to address this?

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature
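
The check the quoted bug report asks for, as an added example (not SKS code and not part of the original message): walk the packets of a binary, dearmored key and report signatures following a subkey whose type is not 0x18 or 0x28. The function names and the sample bytes are assumptions made for illustration; packet framing follows RFC 4880, and no signature is verified.

```python
# Added example, not SKS code. Sample bytes below are constructed stubs, not a real key.
SUBKEY_OK = {0x18, 0x28}  # subkey binding, subkey revocation
TAG_SIG, TAG_PUBKEY, TAG_UID, TAG_SUBKEY, TAG_UAT = 2, 6, 13, 14, 17

def packets(data):
    """Yield (tag, body) per packet of a binary OpenPGP stream (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        first = data[i]
        i += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:  # new-format header
            tag, o1 = first & 0x3F, data[i]
            i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192
                i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            n = 1 << ltype
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        yield tag, data[i:i + length]
        i += length

def sig_type(body):
    """Signature type octet: v3 stores it after a length octet, v4 right after the version."""
    return body[2] if body[0] == 3 else body[1]

def misplaced_subkey_sigs(data):
    """List (packet_index, sig_type) for signatures on a subkey other than 0x18/0x28."""
    on_subkey, bad = False, []
    for idx, (tag, body) in enumerate(packets(data)):
        if tag in (TAG_PUBKEY, TAG_UID, TAG_UAT, TAG_SUBKEY):
            on_subkey = tag == TAG_SUBKEY
        elif tag == TAG_SIG and on_subkey and sig_type(body) not in SUBKEY_OK:
            bad.append((idx, sig_type(body)))
    return bad

# Constructed stream: key, uid, 0x13 sig, subkey, then 0x18, 0x10, 0x13 sigs.
SAMPLE = bytes.fromhex("980104 b40161 88020413 b80104 88020418 88020410 88020413")
```

`misplaced_subkey_sigs(SAMPLE)` reports the 0x10 and 0x13 signatures that follow the subkey and leaves the 0x13 certification on the user ID alone.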

