a Question about Key Servers

Grant Olson kgo at grant-olson.net
Wed Aug 24 19:46:08 CEST 2011


On 8/24/11 11:47 AM, Mike Acker wrote:
> 
> given that I have loaded my public key to a key-server ( e.g.
> keys.gnupg.net )
>  
> when i upload information to be merged into my keyblock (e.g. a new user
> ID, revocate certificate, or new expiration date )
>  
> what will cause other GPG users to refresh their copy of my key in their
> keyring?

No.  Users need to manually refresh their keys periodically to get changes.

But people can be lazy about this.  One way to force them to refresh is
to have an expiration date that you bump up (for example) every year.
Then after your key expires, they'll need to refresh and get any other
changes as well.

>  
> should I send them a notice?
>  

It depends.

If you revoked the key because it's compromised, then you probably want
to notify important contacts.

If you add a new UID, for example your new work email, and an existing
associate only contacts you on your personal email, things will keep on
working even if they don't have the new UID.

If the key expires on someone's local keyring, they'll need to re-fetch
it to get updates.  So you could probably do nothing  Some people will
refresh automatically when they see the key is expired.  Others will
tell you your key is expired, in which case you can tell them they need
to refresh.


-- 
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 570 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110824/f7176ba2/attachment.pgp>


More information about the Gnupg-users mailing list