Automatically delete old keys from servers

Teemu Likonen tlikonen at iki.fi
Tue Sep 17 18:10:02 CEST 2019


Daniel Bossert [2019-09-17T15:12:09+02] wrote:

> On the key servers are many old keys lying around which aren't valid
> anymore.
>
> Could you implement a function on the servers which deletes keys after
> let's say one year automatically, reminding the user via email one
> month ahead to reupload the keys?

That is the very purpose of invalid (revoked, expired) keys in the
server: tell people that the keys are invalid and not to be used. If the
keys were removed from servers (which won't happen) it would be more
difficult to share that important information.

A reminder email doesn't sound like a good idea: a key might be revoked
or expired because the owner's email address is no longer valid. The
server can't know if the user wants to update the key's expiration date
or if the key is expired or revoked for good.

keys.openpgp.org is different from the usual SKS keyservers so there
might be different policies. My views in the above paragraphs are about
SKS keyservers.

-- 
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@iki.fi
/  https://keybase.io/tlikonen  https://github.com/tlikonen