default keyserver-options [was: Re: keys not available for signed messages in this maillist]

Daniel Kahn Gillmor dkg at
Sat Apr 9 00:48:21 CEST 2011

On 04/08/2011 02:19 PM, John Clizbe wrote:
> There are additional options for the keyserver-options line. I recommend adding
> ' include-subkeys include-revoked import-clean'. See the gpg man page.

Thanks for these pointers, John.  If you think these are good options,
maybe we should advocate for changing the defaults to include them?

I support setting include-subkeys and include-revoked to on by default.
 The only reason these aren't more seriously problematic right now is
that SKS (the dominant HKP implementation today) automatically searches
subkeys and includes revoked keys.  That is, these options have no
effect when querying SKS keyservers.

As a keyserver client, i think gpg should make it clear that it wants
these options by default, in case any keyservers attempt to honor them.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110408/49ed682e/attachment.pgp>

More information about the Gnupg-users mailing list