public keyring management practices (was: Re: GPG Recipients List)

Neil Williams linux at codehelp.co.uk
Wed Dec 3 23:04:19 CET 2003


On Wednesday 03 Dec 2003 9:30 pm, gabriel rosenkoetter wrote:
> On Wed, Dec 03, 2003 at 07:39:09PM +0000, Neil Williams wrote:
>
> > Unfortunately, Denis' key isn't linked to the largest strongly connected
> > set, as used with Wotsap and others,
> > http://www.lysator.liu.se/~jc/wotsap/ , so it always comes up as
> > untrusted and always gets deleted when I tidy up my keyring!
>
> Huh. Interesting.

It's not as irksome as it might sound; I have a little bash script that 
several people here helped to create (it'll be in the archives) that uses 
--with-colons, cut and grep to delete lots of keys in a second or two. 
Managing a keyring by deleting keys one at a time ain't fun.

> Do you do this to avoid the lengthy automated trustdb rebuilds, or

Lengthy trust rebuilds do slow down the email client with new keys and also 
slow down KGpg when it opens. However, another reason is refreshing keys - 
you can't be sure about a key not being revoked unless you refresh it so I 
refresh quite often. Certainly before I verify packages or encrypt messages 
to occasional contacts.

Probably my main reason is that I keep the majority of my keyring purely for 
WoT purposes. Keys that are automatically retrieved - although useful at the 
time - have to be trusted before I'll let them stay in the keyring - I just 
find it easier to manage. Plus, on this list as on many others, there are so 
many people who join for a brief while and then leave - what's the point of 
keeping those keys?

> just Because?

To be honest, I'm not too fussed about delays on reading mail - my spam 
filters take more time and I'm always doing something else at the time, so I 
can just check back later.

> I avoid the pain of trustdb rebuilds when I actually want to be
> reading mail by having no-auto-check-trustdb in gpg.conf and these
> two cron jobs:

YALJTD
(Yet another little job to do)


-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
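
An added example, not part of the original post and not the script Neil refers to: one way to pick deletion candidates out of a gpg --with-colons listing with grep and cut, as the message describes. The function names, the PRUNE_APPLY variable, the rule "delete anything whose validity is not m, f or u" and the sample listing (constructed, not real keys) are assumptions.

```shell
#!/bin/sh
# Colon listing fields used here:
#   field 1 = record type (pub, sub, uid, ...)
#   field 2 = calculated validity (u ultimate, f full, m marginal,
#             q undefined, - unknown, e expired, r revoked, ...)
#   field 5 = long key ID

# Reads a colon listing on stdin, prints one key ID per line for every
# public key whose validity is not marginal, full or ultimate.
untrusted_key_ids() {
    grep '^pub:' | grep -v '^pub:[mfu]:' | cut -d: -f5
}

# Constructed sample listing, standing in for:
#   gpg --list-keys --with-colons
sample_listing() {
    cat <<'EOF'
tru::1:1070485459:0:3:1:5
pub:u:1024:17:AAAAAAAAAAAAAAA1:2003-01-10:::u:Own Key <me@example.org>::scESC:
sub:u:2048:16:AAAAAAAAAAAAAAA2:2003-01-10::::::e:
pub:f:1024:17:BBBBBBBBBBBBBBB1:2002-06-01:::-:WoT Contact <wot@example.org>::scESC:
pub:-:1024:17:CCCCCCCCCCCCCCC1:2003-11-20:::-:List Poster <poster@example.org>::scESC:
pub:q:1024:17:DDDDDDDDDDDDDDD1:2003-12-01:::-:Auto Retrieved <auto@example.org>::scESC:
pub:e:1024:17:EEEEEEEEEEEEEEE1:2001-02-02:2002-02-02::-:Expired <old@example.org>::sc:
EOF
}

# Dry run by default: prints the delete command so the list can be
# reviewed first. Set PRUNE_APPLY=1 to actually run gpg.
prune_keyring() {
    ids=$(untrusted_key_ids)
    [ -n "$ids" ] || { echo "nothing to delete"; return 0; }
    if [ "${PRUNE_APPLY:-0}" = 1 ]; then
        # $ids is left unquoted on purpose: one argument per key ID.
        gpg --batch --yes --delete-keys $ids
    else
        echo gpg --batch --yes --delete-keys $ids
    fi
}

sample_listing | prune_keyring
```

Against a real keyring the input would come from gpg --list-keys --with-colons; your own keys carry validity u and are therefore never selected.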