> That sounds like an argument for marking downloaded local copies of
> public keys stale after a certain period, similarly to DNS TTL...

That suggestion fills me with horror. Key management is *already* a nightmare without adding this to it. Better by far to provide a cronjob that can do the refreshing automatically -- or, on Windows, to write a service to do it.