Auto Key Refresh
Mark H. Wood
Thu Jul 10 15:37:04 2003
On Thu, 10 Jul 2003, Neil Williams wrote:
[snip interior quote]
> Would it be that much extra work? It would be needed when I select to encrypt
> an email - that key could be auto-retrieved and an alert generated if revoked
> - but that's only one key refresh per message.
> When I --refresh-keys on one of my public rings, some 300 keys pass by!
> Depending on my connection, it doesn't seem that I get any delays at the
> keyserver end.
Yeah, my pubring.gpg is over a megabyte. I don't want to refresh the
whole thing every time I do business with my bank. (I know, I know, I
should weed out stuff I don't use....)
> The keyserver would still receive updates at the usual rate and if the bank
> operates a local keyserver for their own keys, it means that the lag time to
> other keyservers is also eliminated. That does require something that was
> discussed here a little while ago - intelligent fallbacks when using multiple
> keyservers in the gpg.conf file. The bank keyserver is hardly going to want
> to keep keys of non-customers/employees so it needs to be the default for
> those keys that it does hold but gpg needs some way to know not to use it for
> other keys. Could be fun to devise!
It sounds like key entries in keyrings need two more attributes: a
"refresh before each use" bit, and a list of the best places from which to
refresh this entry. If there's no server list, use the master list from

I forgot to mention the reason I think the bank will want its own
keyserver: would *you* trust billions of dollars a day in transactions to
a server not under your control? I don't think your banker will.
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".
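The single-key refresh with a revocation alert that Neil describes, together with a "bank keyserver first, default otherwise" lookup for the fallback problem he raises, as an added POSIX shell example that is not part of the thread. The per-key server table, the `.invalid` hosts and the colon-format listings are constructed; `gpg --keyserver`, `--recv-keys` and `--with-colons --list-keys` are real GnuPG options.

```shell
#!/bin/sh
# Added example: refresh ONE key from its preferred keyserver right before use
# and alert if it comes back revoked, instead of --refresh-keys over the whole
# ring. The per-key server table is hypothetical ("KEYID SERVER" per line);
# keys not listed fall back to the default server.

# Constructed table; the hosts are placeholders (.invalid).
KEY_SERVERS='ABCDEF0123456789 hkp://keys.bank.invalid
0123456789ABCDEF hkp://keys.bank.invalid'

# preferred_server KEYID DEFAULT: first server listed for KEYID, else DEFAULT.
preferred_server() {
    s=$(printf '%s\n' "$KEY_SERVERS" | awk -v k="$1" '$1 == k { print $2; exit }')
    if [ -n "$s" ]; then echo "$s"; else echo "$2"; fi
}

# key_revoked: read a `gpg --with-colons --list-keys` listing on stdin and
# succeed (exit 0) only if the primary key record (pub) has validity 'r'.
key_revoked() {
    awk -F: '$1 == "pub" && $2 == "r" { found = 1 } END { exit found ? 0 : 1 }'
}

# refresh_and_check KEYID [DEFAULT_SERVER]: fetch the key, then inspect it.
# Returns 0 if usable, 1 if revoked, 2 if the fetch failed. Needs a real gpg.
refresh_and_check() {
    server=$(preferred_server "$1" "${2:-hkp://keys.example.invalid}")
    gpg --keyserver "$server" --recv-keys "$1" >/dev/null 2>&1 || return 2
    if gpg --with-colons --list-keys "$1" 2>/dev/null | key_revoked; then
        echo "ALERT: key $1 is revoked (refreshed from $server)" >&2
        return 1
    fi
    return 0
}

# Constructed colon-format listings (field 2 is validity: r = revoked, f = full).
LISTING_REVOKED='pub:r:1024:17:ABCDEF0123456789:2003-07-10::-:::scESC:
uid:r::::2003-07-10::0000000000000000000000000000000000000000::Example Bank <pay@bank.invalid>:'
LISTING_VALID='pub:f:1024:17:0123456789ABCDEF:2003-07-10::-:::scESC:
uid:f::::2003-07-10::0000000000000000000000000000000000000000::Example Bank <pay@bank.invalid>:'

# Usage: sh refresh-one-key.sh KEYID [DEFAULT_SERVER]
[ "$#" -gt 0 ] && refresh_and_check "$@"
```

Hook `refresh_and_check` in front of each `gpg --encrypt` (for example from a mail client wrapper) so only the recipient's key costs a keyserver round trip.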