public keyring management practices (was: Re: GPG Recipients List)
Adrian von Bidder
avbidder at fortytwo.ch
Thu Dec 4 08:31:28 CET 2003
On Thursday 04 December 2003 00:57, David Shaw wrote:
> I've occasionally toyed with making an option to automatically do a
> refresh before encrypting, and a different option to automatically do
> a refresh when verifying. I haven't done it because the load on the
> keyservers would be brutal. I'd be curious if someone has a different
> take on that, or how they would want such a feature to work.
I think from a security pov, this feature would be highly desirable.
I guess a compromise that wouldn't hurt the keyservers too much would be:
- store the date when a key was last retrieved in the keyring
- refresh when the key is older than xx days. Let it be set to <7 only with
  --expert or something like that.
greetings
-- vbi
--
pub 1024D/92082481 2002-02-22 Adrian von Bidder <avbidder at fortytwo.ch>
Key fingerprint = EFE3 96F4 18F5 8D65 8494 28FC 1438 5168 9208 2481
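
The compromise proposed in the message above, sketched as an added example (not part of the original post and not GnuPG code). It assumes a sidecar JSON file of last-fetch times instead of a field in the keyring; all function names, the file layout and the 30-day default are hypothetical.

```python
import json
import subprocess
import time
from pathlib import Path

DAY = 86400
MIN_DAYS_NON_EXPERT = 7  # the post's floor: intervals below 7 days need expert mode

def effective_max_age(days, expert=False):
    """Clamp the requested refresh interval unless expert mode is set."""
    if days < MIN_DAYS_NON_EXPERT and not expert:
        return MIN_DAYS_NON_EXPERT
    return days

def stale_keys(state, fingerprints, max_age_days, now):
    """Keys never fetched, or last fetched more than max_age_days ago."""
    limit = max_age_days * DAY
    return [f for f in fingerprints if now - state.get(f, 0) > limit]

def gpg_refresh(fpr):
    """Ask the configured keyserver for updates (revocations, new subkeys)."""
    result = subprocess.run(["gpg", "--batch", "--refresh-keys", fpr])
    return result.returncode == 0

def refresh_before_use(fingerprints, state_path, days=30, expert=False,
                       now=None, fetch=gpg_refresh):
    """Refresh only the stale keys; return the fingerprints that were updated."""
    now = time.time() if now is None else now
    path = Path(state_path)
    state = json.loads(path.read_text()) if path.exists() else {}
    refreshed = []
    for fpr in stale_keys(state, fingerprints,
                          effective_max_age(days, expert), now):
        # Record the timestamp only on success, so a keyserver outage
        # leaves the key marked stale and it is retried next time.
        if fetch(fpr):
            state[fpr] = now
            refreshed.append(fpr)
    path.write_text(json.dumps(state))
    return refreshed
```

A caller that wants to fail closed can compare the returned list with `stale_keys()` and refuse to encrypt or verify when a stale key could not be refreshed.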