Group Membership Keyring

Jerome Baum jerome at jeromebaum.com
Wed Mar 23 23:21:28 CET 2011


Nicholas Cole <nicholas.cole at gmail.com> writes:

> It would probably be better for the membership secretary to circulate
> a keyblock (i.e. the results of an --armor --export) containing the
> members' keys, which you could then import onto your own keyring.
> Unless the group features many hundreds of members you should not
> experience any noticeable slow-down at all.

I'd like to mention that you'd probably want to give the secretary a
trust signature limited to the respective domain, so while you trust
them fully for that group, you can assign marginal or no trust in other
contexts. Just tsign and it'll ask for all that information.

As for the imports, this does sound like a good idea because you don't
need to validate the keyblock (after all, there's no way to "delete" a
key through a keyblock, besides revoking it which is a signed
operation). Just set it to merge only and you'll always be up-to-date
when it comes to revocation, without the risk of adding new keys.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
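
Added example, not part of the original message: a throwaway run of the merge-only import described above, showing that a circulated keyblock updates a key you already hold (here with a revocation) but adds no new key. The names, addresses and temporary keyrings are constructed test data, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Keys and addresses are constructed test data; assumes GnuPG 2.1+.

# Run gpg quietly and non-interactively against the keyring in home $1.
g() { h=$1; shift; gpg --homedir "$h" --batch --quiet --no-tty "$@" 2>/dev/null; }

# Create an unprotected throwaway key for user ID $2 in home $1.
make_key() {
    g "$1" --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" ed25519 sign never
}

# The step from the post: merge updates into keys already present, add none.
refresh_from_keyblock() {
    g "$1" --import-options merge-only --import "$2"
}

demo() {
    sec=$(mktemp -d); me=$(mktemp -d); chmod 700 "$sec" "$me"
    make_key "$sec" 'Alice <alice@group.example>'
    make_key "$sec" 'Bob <bob@group.example>'
    # My keyring starts with Alice only.
    g "$sec" --export alice@group.example | g "$me" --import
    # Alice's key is revoked with the certificate GnuPG stored at creation
    # (the leading colon in that file guards against accidental use).
    fpr=$(g "$sec" --with-colons --list-keys alice@group.example |
          awk -F: '/^fpr:/ {print $10; exit}')
    sed 's/^:-----/-----/' "$sec/openpgp-revocs.d/$fpr.rev" | g "$sec" --import
    # The secretary circulates the whole group as one keyblock.
    g "$sec" --armor --export > "$sec/members.asc"
    refresh_from_keyblock "$me" "$sec/members.asc"
    # Bob was never on my keyring, so he must still be absent.
    keys=$(g "$me" --with-colons --list-keys | grep -c '^pub:')
    # Field 2 of the pub record is the validity; "r" means revoked.
    validity=$(g "$me" --with-colons --list-keys alice@group.example |
               awk -F: '/^pub:/ {print $2; exit}')
    gpgconf --homedir "$sec" --kill gpg-agent 2>/dev/null
    gpgconf --homedir "$me" --kill gpg-agent 2>/dev/null
    rm -rf "$sec" "$me"
    echo "keys=$keys alice_validity=$validity"
}

demo
```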