auto-key-retrieve considered harmful

Christian Biere cbiere at TechFak.Uni-Bielefeld.DE
Sun Dec 7 06:55:36 CET 2003


Unfortunately there are many tools which don't differentiate between
trusted and untrusted keys, e.g., the mail clients Sylpheed,
Mulberry and probably hundreds of tools more. [Actually, it's
beyond me how they can dare to implement OpenPGP support in
such a way. Either do it the right way or just don't do it at

Let me imagine a world in which people are rather lazy. In this
world people would put the line

	keyserver-option auto-key-retrieve

into their gpg.conf. Now, every time they get a signed mail
with a key they don't have in their keyring, the key will
be automatically retrieved from the keyserver. As they
can't remember their buddies' key IDs they just believe in
their mail clients' message "Good signature".

IMO, the documentation should at least contain a *big* *fat*
*scary* warning about using that option. In the long run,
maybe it's possible to add an option "auto-key-update" which
would only try to retrieve an updated key in case the key
is marked as expired, or discard fresh keys if they're
not signed with a trusted signature.


More information about the Gnupg-devel mailing list
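
Added example, not part of the original post and not code from GnuPG or any mail client: a check a front end could run over gpg's --status-fd output so that a bare "Good signature" from an untrusted, freshly fetched key is not reported as trusted. The status lines are constructed samples with a placeholder fingerprint, and it is an assumption that IMPORT_OK shows up in the same status stream when auto-key-retrieve fetches the key.

```python
# Added example: judge a signature from `gpg --status-fd` lines instead of
# the human-readable "Good signature" text. All sample inputs are constructed.
FULL_TRUST = {"TRUST_FULLY", "TRUST_ULTIMATE"}
FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def classify(status_text):
    """Return (verdict, reasons); verdict is 'trusted', 'untrusted' or 'bad'."""
    seen = set()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":
            seen.add(fields[1])  # status keyword, e.g. GOODSIG
    if seen & FAILED or "GOODSIG" not in seen:
        return "bad", ["no good signature"]
    reasons = []
    if "VALIDSIG" not in seen:
        reasons.append("no VALIDSIG fingerprint line")
    if not seen & FULL_TRUST:
        # GOODSIG only says the math checks out for *some* key.
        reasons.append("signing key is not fully trusted")
        if seen & {"IMPORTED", "IMPORT_OK"}:
            # Assumption: auto-key-retrieve reports its import on this stream.
            reasons.append("key was fetched during this verification")
    return ("untrusted" if reasons else "trusted"), reasons

FPR = "A" * 40      # placeholder fingerprint, not a real key
KEYID = FPR[-16:]   # placeholder long key ID
UID = "Buddy <buddy@example.org>"

SAMPLE_AUTO_FETCHED = f"""\
[GNUPG:] IMPORTED {KEYID} {UID}
[GNUPG:] IMPORT_OK 1 {FPR}
[GNUPG:] GOODSIG {KEYID} {UID}
[GNUPG:] VALIDSIG {FPR} 2003-12-07 1070776536
[GNUPG:] TRUST_UNDEFINED
"""
SAMPLE_KNOWN_KEY = f"""\
[GNUPG:] GOODSIG {KEYID} {UID}
[GNUPG:] VALIDSIG {FPR} 2003-12-07 1070776536
[GNUPG:] TRUST_FULLY
"""
SAMPLE_TAMPERED = f"[GNUPG:] BADSIG {KEYID} {UID}\n"

if __name__ == "__main__":
    for name in ("SAMPLE_AUTO_FETCHED", "SAMPLE_KNOWN_KEY", "SAMPLE_TAMPERED"):
        print(name, classify(globals()[name]))
```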