auto refresh for expired certificates

Peter Lebbing peter at digitalbrains.com
Sun Oct 26 16:12:15 CET 2014


On 26/10/14 15:28, Hauke Laging wrote:
> THEY do know anyway that you (really you in this case) encrypt to a 
> certain key as long as SMTP is used (as usual) and the target key ID is 
> not hidden (as usual, too).

First of all, the number of parties in the know is enlarged by doing the
keyserver query. Somebody with access to the SMTP session always knows:
the sending and receiving mail providers and anybody who can listen in
on that connection. But you add a keyserver to that.

Secondly, more to the point, after thinking about it, I think it does
make more sense to incorporate this into GnuPG proper (as an optional
feature; --auto-key-locate seems appropriate).

The main motivation is that it sounds like a good option for many casual
users who are not particularly worried about the problem of leaking
social and usage data to keyservers, and those people will not install
parcimonie. And my argument of leveraging code already written equally
applies to GnuPG, that was a bit of a silly argument in retrospect :).

--auto-key-locate automatically retrieves unknown keys. I think it makes
sense to include expired keys, triggering a refresh. Or is there a use
case where this is unwanted?

HTH,

Peter.

PS: I didn't quite understand the different "you"s in your mail; they
all appear to refer to "anyone". But it doesn't seem important.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
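An added example, not part of the original post or of GnuPG: before any automatic refresh of expired keys, a practitioner will want to see which keys in the local keyring have actually expired. The shell snippet below parses `gpg --list-keys --with-colons` output (a constructed sample is embedded so it runs offline; the key IDs and addresses are made up) and builds the `gpg --refresh-keys` command for the expired ones instead of executing it.

```shell
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# In a "pub" record, field 2 is the validity flag ('e' = expired, 'f' = fully
# valid, 'u' = ultimate), field 5 the long key ID and field 7 the expiration
# timestamp (empty when the key does not expire).
SAMPLE_COLONS='pub:e:2048:1:0123456789ABCDEF:1350000000:1412000000::-:::scESC::::::23::0:
uid:e::::1350000000::AAAA::Example Expired <expired@example.invalid>::::::::::0:
pub:f:4096:1:FEDCBA9876543210:1400000000:1500000000::-:::scESC::::::23::0:
uid:f::::1400000000::BBBB::Example Valid <valid@example.invalid>::::::::::0:
pub:u:2048:1:1111222233334444:1300000000:::-:::scESC::::::23::0:
uid:u::::1300000000::CCCC::Example Own <me@example.invalid>::::::::::0:'

# Print the long key IDs of expired primary keys found in --with-colons
# output read from stdin, one per line.
expired_key_ids() {
    awk -F: '$1 == "pub" && $2 == "e" { print $5 }'
}

# Build (but do not run) the refresh command for the expired keys read from
# stdin. Returns 1 when nothing has expired, so callers can skip the fetch.
refresh_command() {
    ids=$(expired_key_ids)
    [ -n "$ids" ] || return 1
    printf 'gpg --refresh-keys'
    for id in $ids; do
        printf ' %s' "$id"
    done
    printf '\n'
}

# Stand-alone run against the constructed sample:
printf '%s\n' "$SAMPLE_COLONS" | refresh_command
```

Feeding real keyring output is `gpg --list-keys --with-colons | refresh_command`; reviewing the resulting command before running it keeps the keyserver query, and the metadata it leaks, a deliberate choice rather than a side effect.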



More information about the Gnupg-users mailing list