public keyring management practices (was: Re: GPG Recipients List)

Adrian von Bidder avbidder at
Thu Dec 4 08:31:28 CET 2003

On Thursday 04 December 2003 00:57, David Shaw wrote:
> I've occasionally toyed with making an option to automatically do a
> refresh before encrypting, and a different option to automatically do
> a refresh when verifying.  I haven't done it because the load on the
> keyservers would be brutal.  I'd be curious if someone has a different
> take on that, or how they would want such a feature to work.

I think from a security pov, this feature would be highly desirable.

I guess a compromise that wouldn't hurt the keyservers too much would be:
 - store the date when a key was last retrieved in the keyring
 - refresh when the key is older than xx days. Let it be set to <7 only with 
--expert or something like that.

-- vbi

pub  1024D/92082481 2002-02-22 Adrian von Bidder <avbidder at>
     Key fingerprint = EFE3 96F4 18F5 8D65 8494  28FC 1438 5168 9208 2481
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 335 bytes
Desc: signature
Url : /pipermail/attachments/20031204/740b710b/attachment.bin

More information about the Gnupg-users mailing list