Managing the WoT with GPG
Peter Lebbing
peter at digitalbrains.com
Fri Jun 23 17:56:18 CEST 2017
On 23/06/17 15:50, Neal H. Walfield wrote:
> Ensuring that a cache is consistent is *hard*. I don't think we want
> to add complexity (nevermind a cache!) to this security-critical
> functionality.
There are two hard problems in computer science: Cache invalidation,
naming things, and off-by-one errors.
Martin, I think --no-auto-check-trustdb and a cron job will already make
it much more bearable, with the current state of things. That's what I'd
suggest.
Other than that, I don't think my outlined strategy is very complex, it
basically boils down to not actually checking a signature until it is
used to compute validity, and stop for a specific key when full validity
is reached. I could be wrong though. It just doesn't seem like it should
be high on a TODO list, which in practice probably means it won't be
done. If the cron job wasn't available as an option, the situation would
be different.
Peter.
PS: I didn't come up with "There are two..." but I can't be arsed to
look up proper attribution :-).
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170623/61fb1667/attachment.sig>
More information about the Gnupg-users
mailing list