auto refresh for expired certificates
mailinglisten at hauke-laging.de
Sat Oct 25 20:09:13 CEST 2014
I would like to suggest a new option for GnuPG (mainly intended for the
config file) which would automatically try to import an update for the
certificate if it has expired (both from the standard key server and
from the preferred one if set).
I guess that many users don't understand that in case of certificate
expiration it is often the solution to just refresh the certificate.
This feature would avoid problems for these users (and encourage the use
of expiration dates which IMHO is useful). Of course, this could be done
in the GUIs but this seems to be a trivial extension and would avoid
having to wait for all GUIs to care. And it's not on "high GUI level"
but relevant for console usage, too.
In the long term each certificate should get a timestamp entry in
trustdb for the last update check. With that a new option could be
defined which causes gpg to check for updates of a certain certificate
if it is to be used and has not been checked for updates for more than x
days. Refresh discipline seems to me to be a serious problem. And just
checking the whole key ring every x days would be a waste of resources
(especially on the key servers).
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users