RFE: --update-before-use

Michel Messerschmidt lists at michel-messerschmidt.de
Sun Jun 17 13:36:00 CEST 2012

On Sat, Jun 16, 2012 at 05:32:36PM -0400, David Shaw wrote:
> Yes, I understand that spreading out keyserver requests can help avoid this sort of tracking, but remember that the keyserver URL feature allows the keyholder to bypass the keyserver chosen by the user, and send the requests anywhere they like.  I don't care how the keyserver round-robins are run if I can get a target GPG to not use them.
> To really combat tracking, you need to route your keyserver requests through TOR or something similar.

Even that addresses not all issues. 
The target keyserver still receives a connection whenever the public 
key is used by someone. A keyholder may set the keyserver URL to a 
server under his control to monitor the usa of its public key.
If that is a good or bad idea certainly depends on your point of view.
But is does not seem to be a wise default configuration in my mind.

If such an "automatic update" is added, I'd like to have an additional 
option to define the maximum update interval. This allows everybody to 
define his own tradeoff. With a default value of for example 24 hours, 
public keys are still kept fairly up to date while frequent key usage  
will not trigger a keyserver request for most crypto operations.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20120617/b3de1dc0/attachment.pgp>

More information about the Gnupg-users mailing list