--keyserver and importing by default

David Shaw dshaw@jabberwocky.com
Fri Oct 12 17:11:01 2001 

--Km1U/tdNT/EmXiR1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 10, 2001 at 11:11:14PM -0400, Douglas Elznic wrote:

> Hello,

>  I have set up my options file to connect to pgp.dtype.org for unknown

> keys. Is thier anyway to make it not import them by default?


(Owen Blacker already answered this, but for completeness:
stick "no-auto-key-retrieve" in your config file)


> Or is thier

> a way to have keys dl'd go in to a different keyring than pubring?


When you add keys they go onto the most recently added keyring, so you
can put in your options file:
    keyring my_other_keyring.gpg

New keys will go there, but your original "pubring.gpg" keyring will
still be used for other keys.


> And better yet can someone discuss the pros and cons of having all keys

> downloaded?


Pro:
  You always have a key when you need it.

  You don't have to do any work to get keys - GnuPG does it for you.

Con:
  Slower, because you fetch every key you don't already have

  If you work offline, you can't fetch keys and (depending on how your
  networking is set up) GnuPG could wait for a long time before giving
  up.


> And the pros and cons of a large pubring?


Pro:
  You stand a better chance of making a web-of-trust connection.
  You can work offline and still have keys.

Con:
  It's bigger.
  It's slower.

As for me, if I am communicating with someone regularly, I'll get the
key with enough other keys to give me a trust path.  Similarly, if a
frequent poster to a mailing list I'm on signs their messages, I'll
get the key as well.  Otherwise, I generally don't bother with
multiple keyrings and auto-key-retrieve.

David

--=20
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+--------------------------------------------------------------------------=
-+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

--Km1U/tdNT/EmXiR1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQEVAwUBO8cHg4ccwqs8s7QVAQFNhQgAjiE+9SXBW3b4ctqE78mMvpGcRldm/NcN
NNKtC2/izIX+mhI5THxPFCkQ6A7JBV8EIk14TApRWl8mV/tMI/gZwx7FjAv1/F7a
rQQagRQGdQ8VLyCibspn45IGg5bTdknX/5FDJrnBDv60S+npBvbzmrgvn/bIe+fj
cDRbuFHq2rP8kmz/3myhSfGfzyGmdTTofixyRP9cobajSpM/j/8SiS8q69ejqR8y
JWTT4JKvOG7KTVwv+hR7TmHmuNUBqdUWeAlQhx8MwcMVSvfzX0QhqfPMBwT4BEds
9RQVU152zY2UUhZ8hiSU34g+Wx/KttgSUgXL73h+CQ2/7/B8mfwHiQ==
=42w6
-----END PGP SIGNATURE-----

--Km1U/tdNT/EmXiR1--