[Enigmail] Keyservers mangle with subkey binding sigs (was Re: Sub-Key Look-Up)

Vlad "SATtva" Miller sattva at pgpru.com
Fri Jan 18 11:58:43 PST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

John W. Moore III wrote on 18.01.2008 23:08:
> 
> Patrick Brunschwig wrote:
> 
>>> That's only a SUB-key ID. You'd have to look for my public key
> 0xE443D6D8
> 
> I Searched hkp://pool.sks-keyservers.net for the sub-Key ID and was
> rewarded with the complete Key.  :-D

While on the topic of subkeys and keyservers, a couple of weeks ago I've
discovered a weird thing. My key 0x8443620A consists of a main
certification key and two subkeys: one for encryption and one for signing.

Both subkeys have expired in the end of the last year, but I've chosen
not to generate new and to simply extend life of existing subkeys for
another few years, so I've re-signed them with extended expiration date
and updated to keyservers. A few days later one of my correspondents
contacted me saying that my key is expired and unusable. I've looked at
keyservers, and was very surprised that they're not reflecting the
changes made!

Here for example (in the bottom) you may see two subkeys with binding
signatures expired at 2007-12-31:
http://pool.sks-keyservers.net:11371/pks/lookup?search=0x8443620A&op=vindex

But if you look at the original copy you'll see that all regenerated
sigs are in place:
http://www.vladmiller.info/contacts/openpgp.txt

sattva at localhost ~ $ cat openpgp.txt | gpg --list-packets
[snip]
:signature packet: algo 1, keyid FAEB26F78443620A
        version 4, created 1199529401, md5len 0, sigclass 0x18
        digest algo 2, begin of digest 1f 06
        hashed subpkt 26 len 45 (policy:
        http://www.vladmiller.info/services/cert.html)
        hashed subpkt 27 len 1 (key flags: 0C)
        hashed subpkt 2 len 4 (sig created 2008-01-05)       <<!!<<
        hashed subpkt 9 len 4 (key expires after 3y11d13h6m) <<!!<<
        subpkt 16 len 8 (issuer key ID FAEB26F78443620A)
        data: [4095 bits]

If I understand this correctly and not missing something terribly here,
keyservers just looked at newly uploaded key, thought "huh? I already
have that subkey in place, and this 0x18 sig too!", and discarded it
without going into much trouble of analyzing any binding sigs'
timestamps (maybe marking them as duplicates).

Could anyone confirm this behavior?

> BTW, I graciously assumed that You would be diligent in verifying folks
> prior to signing their Key.  Please don't become sloppy in this regard.
>   :-D
> 
> JOHN  ;)
> Timestamp: Friday 18 Jan 2008, 11:57  --500 (Eastern Standard Time)

- --
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com

-----BEGIN PGP SIGNATURE-----
Comment: Visit 'openPGP in Russia' - http://www.pgpru.com

iQEVAwUBR5EE8frpF+kHDgtzAQrTjQf9EN7FOqVpPmUei0ns4OPf1sgPaFQMtjZB
1ePQptO+s7QmDni6CQZUXNbS3vR8Y1DHG4ixDRUOf1ccffeYz8Iqa22CL0T4xHiP
Hu4Ldg4glQtTt6rY1IZheT3xYNjclZQTLv32Db4WX8asQ0SvtgEHV/D/hoVrPDME
hcEruD++zkvmiF3GxQBBvRyf4ddhIB5uNljg5qewG08+z2rZIptfWnO4TFpyXc6f
vYnV0q13jNCRbBjRl+1A0khyOqRIdpLaCH+liYXe0SQCnGFLwD5tJpPZKHf2ZPoB
g11Blto+s00a6tG7ehKXxgXTsYFLWbt0+YYbgK5MBxLkMWRJRPWzPw==
=T4KF
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list