regular update of all keys from a keyserver

Brian Minton brian at minton.name
Mon Oct 17 18:52:40 CEST 2016



On 10/17/2016 11:41 AM, Daniel Kahn Gillmor wrote:
> On Mon 2016-10-17 06:31:16 -0400, Martin T wrote:
>
>> I am aware that one can update all the keys in local-keyring from a
>> keyserver using "gpg --refresh-keys". Are there any disadvantages to
>> simply putting this command into the user crontab and executing it,
>> for example, once a day?
> The only disadvantages are if you don't want to reveal the contents of
> your keyring to the public keyservers, or to announce your presence on
> the network.
>
> If you prefer to do these things in an anonymized way, you might prefer
> a tool like parcimonie, 

I run a key server, which allows me to do as many key-retrieval queries
as I like, without giving any information away to the rest of the
world.  It also helps a little, but not completely, with the problem of
adding keys to the keyserver network, with respect to my social
network.  In particular, it's not easy for any keyserver to see which of
its peers' peers a given key or set of keys originated from.  However,
in theory, an attacker could track the progress of a given key across
the network of keyservers by quick querying, but it's a pretty small
window between the introduction of keys to a single member of the pool,
and it being shared to all the keyservers.




More information about the Gnupg-users mailing list