Auto Key Refresh
Neil Williams
linux@codehelp.co.uk
Thu Jul 10 01:24:02 2003
On Wednesday 09 Jul 2003 9:47 pm, CL Gilbert wrote:
> | And this leads to a problem I see with using GnuPG, which is a general
> | problem but more acute when using the product for business: key updates.
> | I know I can refetch a key whenever I feel the need, but I don't recall
> | seeing any way to automagically check for revocations. I would probably
> | refresh a key manually whenever I'm about to communicate something
> | critical, but in financial transactions that means "every time".
>
> Auto key refresh, there is a nice idea. I opt for that. However, if
> you think the keyservers suck now, just u wait :)
Would it be that much extra work? It would be needed when I select to encrypt
an email - that key could be auto-retrieved and an alert generated if revoked
- but that's only one key refresh per message.
When I --refresh-keys on one of my public rings, some 300 keys pass by!
Depending on my connection, it doesn't seem that I get any delays at the
keyserver end.
The keyserver would still receive updates at the usual rate and if the bank
operates a local keyserver for their own keys, it means that the lag time to
other keyservers is also eliminated. That does require something that was
discussed here a little while ago - intelligent fallbacks when using multiple
keyservers in the gpg.conf file. The bank keyserver is hardly going to want
to keep keys of non-customers/employees so it needs to be the default for
those keys that it does hold but gpg needs some way to know not to use it for
other keys. Could be fun to devise!
-- 
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.wewantbroadband.co.uk/
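The per-message refresh and revocation alert discussed in the message above, as an added shell example that is not part of the original post or of GnuPG itself. The keyserver host is a placeholder, the function names are hypothetical, and failing closed when the refresh cannot complete is an assumed policy.

```shell
#!/bin/sh
# Added example (not from the original mail). The keyserver URL and all
# function names are assumptions made for illustration.
KEYSERVER="${KEYSERVER:-hkp://keyserver.bank.example}"   # placeholder host

# Read `gpg --with-colons --list-keys` output on stdin and print the
# validity field (field 2) of the first "pub" record, or "missing".
key_validity() {
    awk -F: '$1 == "pub" { print ($2 == "" ? "-" : $2); found = 1; exit }
             END { if (!found) print "missing" }'
}

# Turn that validity letter into a decision: 0 = usable, non-zero = alert.
key_usable() {
    case "$(key_validity)" in
        r)       echo "ALERT: recipient key is revoked" >&2; return 1 ;;
        e)       echo "ALERT: recipient key has expired" >&2; return 2 ;;
        i|d)     echo "ALERT: recipient key is invalid or disabled" >&2; return 3 ;;
        missing) echo "ALERT: no public key found" >&2; return 4 ;;
        *)       return 0 ;;
    esac
}

# Refresh exactly one key, then encrypt only if it is still usable.
# Usage: encrypt_checked KEYID FILE
encrypt_checked() {
    # Assumed policy: fail closed when the keyserver cannot be reached.
    gpg --batch --keyserver "$KEYSERVER" --refresh-keys "$1" >/dev/null 2>&1 || {
        echo "ALERT: could not refresh $1 from $KEYSERVER" >&2; return 5; }
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null | key_usable || return $?
    gpg --batch --encrypt --recipient "$1" "$2"
}
```

The distinct return codes let a mail client wrapper tell a revoked key apart from an unreachable keyserver and word its alert accordingly.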