Global Directory signatures (was Re: GPG wants to check trustdb every day)

Johan Wevers johanw at vulcan.xs4all.nl
Wed Dec 29 15:48:48 CET 2004


David Shaw wrote:

>* A new switch to not send expired sigs to keyservers and/or a switch
>  to not accept expired sigs from keyservers.  This would slow down
>  the growth, but not fix it completely as there is still the 2-week
>  window before the sig expires.  This might be a good thing for
>  general keyserver and keyring cleanliness though.

Yes. However, it still doesn't prevent the keyservers from being
loaded with a lot of useless signatures. I don't know how this would
affect the load of the keyservers.

To solve this the keyserver software has to be modified, for example to
delete expired sigs, or at least not to send them out. But it will keep
the gpg keyrings clean.

>* Have keyservers discard GD signatures?

Or at least have them remove all GD sigs except the last issued.

>* Ask the PGP folks to do something (what?)

Increase the expiry date of their signature to something more useful,
like a year.

>* Do nothing?

That would clog my keyring if there are some keys on it that are placed on
the GD.

However, what about a GnuPG option like --clean-keyring that deletes all
expired sigs, or perhaps deletes all (expired or not?) sigs from a given
key, from your pubring? If the clogging occurs, you could at least clean
up your keyring without manually deleting all those signatures.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


