Mail-list PGP Keys
Kris Kennaway
kris at obsecurity.org
Wed Oct 1 17:49:13 PDT 2003
On Wed, Oct 01, 2003 at 06:51:05PM -0400, Paul Murphy wrote:
> On Wed, 1 Oct 2003 11:27:29 -0700
> Kris Kennaway <kris at obsecurity.org> wrote:
>
> > On Wed, Oct 01, 2003 at 01:15:03PM -0500, Eric F Crist wrote:
> >
> > > How do I submit my keys?
> > >
> > > TIA
> >
> > 1) Don't middle-post
> >
> > 2) Read the URL provided.
> >
> > > > > Just a little pet peeve.
> > > >
> > > > AFAIK, most people use http://pgp.mit.edu to submit their keys.
> >
> > Kris
>
> FWIW, have you checked _your_ pgp key lately, I always get:
>
> BAD signature from "Kris Kennaway <kris at citusc.usc.edu>"
> aka "Kris Kennaway <kris at FreeBSD.org>"
> aka "Kris Kennaway <kris at obsecurity.org>"
The copy in one of the PGP key networks is corrupted, and it's a
vulnerability in the keyserver system that there is no way provided to
correct this. AFAICT you can corrupt any given key in the database by
uploading a mis-formatted signature to it, which the key servers do
not appear to adequately guard against (this is how mine became
corrupted). Fetch the uncorrupted copy from the FreeBSD handbook or
my .plan on freebsd.org.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031001/f5c402ce/attachment.bin
More information about the freebsd-questions
mailing list