--keyserver and importing by default

David Shaw dshaw@jabberwocky.com
Fri Oct 12 17:11:01 2001


--Km1U/tdNT/EmXiR1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 10, 2001 at 11:11:14PM -0400, Douglas Elznic wrote:

> Hello,
> I have set up my options file to connect to pgp.dtype.org for unknown
> keys. Is thier anyway to make it not import them by default?
(Owen Blacker already answered this, but for completeness: stick "no-auto-key-retrieve" in your config file)
> Or is thier
> a way to have keys dl'd go in to a different keyring than pubring?
When you add keys they go onto the most recently added keyring, so you can put in your options file: keyring my_other_keyring.gpg New keys will go there, but your original "pubring.gpg" keyring will still be used for other keys.
> And better yet can someone discuss the pros and cons of having all keys
> downloaded?
Pro: You always have a key when you need it. You don't have to do any work to get keys - GnuPG does it for you. Con: Slower, because you fetch every key you don't already have If you work offline, you can't fetch keys and (depending on how your networking is set up) GnuPG could wait for a long time before giving up.
> And the pros and cons of a large pubring?
Pro: You stand a better chance of making a web-of-trust connection. You can work offline and still have keys. Con: It's bigger. It's slower. As for me, if I am communicating with someone regularly, I'll get the key with enough other keys to give me a trust path. Similarly, if a frequent poster to a mailing list I'm on signs their messages, I'll get the key as well. Otherwise, I generally don't bother with multiple keyrings and auto-key-retrieve. David --=20 David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/ +--------------------------------------------------------------------------= -+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson --Km1U/tdNT/EmXiR1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iQEVAwUBO8cHg4ccwqs8s7QVAQFNhQgAjiE+9SXBW3b4ctqE78mMvpGcRldm/NcN NNKtC2/izIX+mhI5THxPFCkQ6A7JBV8EIk14TApRWl8mV/tMI/gZwx7FjAv1/F7a rQQagRQGdQ8VLyCibspn45IGg5bTdknX/5FDJrnBDv60S+npBvbzmrgvn/bIe+fj cDRbuFHq2rP8kmz/3myhSfGfzyGmdTTofixyRP9cobajSpM/j/8SiS8q69ejqR8y JWTT4JKvOG7KTVwv+hR7TmHmuNUBqdUWeAlQhx8MwcMVSvfzX0QhqfPMBwT4BEds 9RQVU152zY2UUhZ8hiSU34g+Wx/KttgSUgXL73h+CQ2/7/B8mfwHiQ== =42w6 -----END PGP SIGNATURE----- --Km1U/tdNT/EmXiR1--