auto refresh-keys

Hauke Laging mailinglisten at
Wed Jun 16 21:26:11 CEST 2010

Am Mittwoch 16 Juni 2010 19:10:17 schrieb Daniel Kahn Gillmor:

> Do you have other suggestions?  We should consider bringing a
> prioritized form of these to the sks-devel list.

A different approach might save even more bandwidth:
Most keys do now change often. It is useless to download a key that has not 

Thus the client could send a list of all keys it wants to check and the server 
could respond with a list of fingerprints and modification timestamps.

If the server wants to do its job (without TLS) especially well then it signs 
this list and solves a today unsolved problem by that. This way you could even 
check whether a key update of yourself has reached a (non-TLS) key server.

It would have to be decided whether this key server time stamp refers to the 
newest time stamp of a signature in the respective key (then the time stamp 
would be the same from all key servers and the client could check the local 
key to find out whether it has the current key) or to the timestamp of the 
last update on the key server (which would require the client to store the 
timestamp of the last key download for every key server).


PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100616/51a3483e/attachment-0001.pgp>

More information about the Gnupg-users mailing list