auto refresh-keys
Hauke Laging
mailinglisten at hauke-laging.de
Wed Jun 16 21:26:11 CEST 2010
On Wednesday 16 June 2010 19:10:17, Daniel Kahn Gillmor wrote:
> Do you have other suggestions? We should consider bringing a
> prioritized form of these to the sks-devel list.
A different approach might save even more bandwidth:
Most keys do not change often. It is useless to download a key that has not
changed.
Thus the client could send a list of all keys it wants to check and the server
could respond with a list of fingerprints and modification timestamps.
If the server wants to do its job (without TLS) especially well then it signs
this list and solves a today unsolved problem by that. This way you could even
check whether a key update of yourself has reached a (non-TLS) key server.
It would have to be decided whether this key server time stamp refers to the
newest time stamp of a signature in the respective key (then the time stamp
would be the same from all key servers and the client could check the local
key to find out whether it has the current key) or to the timestamp of the
last update on the key server (which would require the client to store the
timestamp of the last key download for every key server).
CU
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
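
The two timestamp interpretations discussed in the message above lead to different client-side bookkeeping. The following sketch is an added example, not part of the original post or of any key server implementation. The function names, the reply format (a mapping from fingerprint to Unix timestamp), the server name and all sample values are assumptions, and the reply is assumed to have been authenticated already (the signed list the post suggests).

```python
# Added example: client-side decision logic for the proposed
# "fingerprint + timestamp" reply. All names and sample values are constructed.

def classify_by_signature_time(requested, local_newest_sig, reply):
    """Interpretation 1: timestamp = newest signature inside the key.

    The value is identical on every server that holds the same key, so it
    is compared with the newest signature timestamp of the local copy.
    """
    result = {}
    for fpr in requested:
        if fpr not in reply:
            result[fpr] = "not-on-server"
        elif fpr not in local_newest_sig or reply[fpr] > local_newest_sig[fpr]:
            result[fpr] = "download"
        elif reply[fpr] < local_newest_sig[fpr]:
            result[fpr] = "server-behind"   # e.g. own update not yet arrived
        else:
            result[fpr] = "current"
    return result

def classify_by_server_update(requested, last_download, server, reply):
    """Interpretation 2: timestamp = last update of the key on this server.

    Values differ between servers, so the client must remember when it last
    fetched each key from each server: last_download[(server, fpr)].
    """
    result = {}
    for fpr in requested:
        seen = last_download.get((server, fpr))
        if fpr not in reply:
            result[fpr] = "not-on-server"
        elif seen is None or reply[fpr] > seen:
            result[fpr] = "download"
        else:
            result[fpr] = "current"
    return result

# Constructed sample data (Unix timestamps, placeholder fingerprints).
KEY_A, KEY_B, KEY_C, KEY_D = ("A" * 40, "B" * 40, "C" * 40, "D" * 40)
REQUESTED = [KEY_A, KEY_B, KEY_C, KEY_D]
REPLY = {KEY_A: 1276600000, KEY_B: 1276700000, KEY_C: 1270000000}
LOCAL_NEWEST_SIG = {KEY_A: 1276600000, KEY_B: 1276000000, KEY_C: 1276500000}
LAST_DOWNLOAD = {("keys.example", KEY_A): 1276650000,
                 ("keys.example", KEY_B): 1276650000}

if __name__ == "__main__":
    print(classify_by_signature_time(REQUESTED, LOCAL_NEWEST_SIG, REPLY))
    print(classify_by_server_update(REQUESTED, LAST_DOWNLOAD, "keys.example", REPLY))
```

Only the first interpretation can report "server-behind", which is the case where a key update of your own has not yet reached the server.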