Doug Barton

Personal Stuff

My home page

My Corporate Website

My LinkedIn Page

I'm a twit!

Contact me

Nerd Stuff

DNS related documentation I have written, including my bind-users@isc.org FAQ

Some documentation on Bash, including an article of mine on prompting

PGP-related items including my key and some scripts I wrote to use PGP with Pine

IPv4 and IPv6 Network Structure Planning (LibreOffice)

Fun Stuff

My essay on "The Star-Spangled Banner"

Some humorous pictures I've collected

Puns

A Redneck Farm Kid In The Marine Corps

Stale keyserver URL

It is fairly common for people to modify their PGP key to specify a keyserver URL and then forget to refresh the key. This problem is especially noticable when the PGP Corp. keyserver is used since that server will drop the key if the key owner does not respond to the periodic e-mail messages that are sent to ensure that the key is still valid. It will also remove old keys when new keys are uploaded by the same user.

The stale keyserver URL becomes a problem when someone who has that key in their keyring attempts to refresh it. By default GnuPG attempts to honor the keyserver URL, so the refresh command will not work unless:
  • The owner of the key has uploaded a new version of the key to another server, and
  • The user attempting to refresh the key knows the right combination of commands to query a different server.
Fortunately this problem is easy to fix. The first step is for the owner of the key to decide whether or not they intend to continue using they keyserver URL. If the answer is yes, all that is necessary is to once again upload the key to that specific server.

If the answer is no, the process is simple:
  • Update the key by removing the keyserver URL
  • Upload the key to the keyserver mentioned in the old keyserver URL
  • Upload the key to another keyserver network, like hkp://pool.sks-keyservers.net
If it is no longer possible to upload the key to the old keyserver the other steps in the process should still be followed so that users who are able can refresh the key.