On 2016-07-28 03:16, Peter Remmers wrote:
I've been trying to find the public key that was used to sign the tzdata and tzcode files on ftp.iana.org/tz. gpg -vv tzdata-latest.tar.gz.asc says the files were signed using key ID 043DB63744AD418C (or short 44AD418C), but this key isn't to be found on any keyserver I tried. I kindly request a pointer to the public key that was used for the current files on the ftp server, so we can verify the signatures.
The TZ RFC 6557/BCP 175 states: "Moving forward, the TZ database, supporting code, and any appropriate supporting information SHOULD be cryptographically signed prior to release using well known public keys, along with any appropriate supporting information and distributed from <http://www.iana.org/time-zones>." "The reference implementation shall be distributed along with an associated cryptographic signature verifiable by a public key." "Maintenance of a cryptographic private key that is used to sign the database and that will survive a change of TZ Coordinator." Looks like 2 and 3 have been achieved but 1 has not yet occurred. -- Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada