Please test :)

Todd Zullinger tmz at pobox.com
Fri Aug 14 20:46:23 CEST 2009


David Shaw wrote:
> There is also a check-cert / no-check-cert option to enable checking
> or not.  It's actually a bit of a question whether the default
> should be to check or not to check (it's currently defaulting to
> check).  Usually, you'd want to check by default, but in the case of
> OpenPGP keys, the keys are not validated by the keyserver anyway.

This is one of those potential bike shed topics. :)

While the keyserver doesn't validate the keys, if someone is using
hkps:// it may well be to provide privacy and security for which keys
they are looking up.  If the cert is not checked, the user cannot be
sure the keyserver they are connecting to is the legitimate site which
they trust.  To me, it seems like checking is the more reasonable
default.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I visualize a time when we will be to robots what dogs are to humans,
and I'm rooting for the machines.
    -- Claude Shannon
