auto refresh-keys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jun 16 19:10:17 CEST 2010


On 06/16/2010 01:03 PM, MFPA wrote:
>> Plus, if we can demonstrate that GnuPG cares about
>> minimizing costs to the user in terms of disk space, we
>> also stand in a better rhetorical position to encourage
>> development (or adoption) of alternate keyserver fetch
>> requests that could apply similar minimization
>> heuristics to bandwidth.
> 
> What sort of alternate fetch requests do you envision? Fetch-minimal?
> Fetch-no-photos?

I was considering the same heuristics that i outlined here (though
they'd be relative to the keys that they *keyserver* knows about, rather
than the keys that the user knows about, of course).  This would be a
species of "fetch-reduced"

Your "fetch-minimal" would probably only fetch the latest
cryptographically-valid self-certifications made by the key itself (or
its subkeys.  This would facilitate fetching revocations, expiration
updates, changes in algorithm preferences, etc.

a "no-UATs" flag (what i think you mean by "no-photos") might also be
useful in minimizing bandwidth if the mechanism doing the checking has
no way of dealing with UATs.

Do you have other suggestions?  We should consider bringing a
prioritized form of these to the sks-devel list.  Probably
"fetch-minimal" would have the best work-to-reward ratio, though it
would involve teaching SKS about how to compute the crypto.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100616/ff63b313/attachment.pgp>


More information about the Gnupg-users mailing list