On Apr 8, 2011, at 6:48 PM, Daniel Kahn Gillmor wrote:

> On 04/08/2011 02:19 PM, John Clizbe wrote:
>> There are additional options for the keyserver-options line. I recommend
>> adding ' include-subkeys include-revoked import-clean'. See the gpg man page.
> 
> Thanks for these pointers, John.  If you think these are good options,
> maybe we should advocate for changing the defaults to include them?
> 
> I support setting include-subkeys and include-revoked to on by default.
> The only reason these aren't more seriously problematic right now is
> that SKS (the dominant HKP implementation today) automatically searches
> subkeys and includes revoked keys.  That is, these options have no
> effect when querying SKS keyservers.
> 
> As a keyserver client, I think gpg should make it clear that it wants
> these options by default, in case any keyservers attempt to honor them.

I agree that include-subkeys should be on by default.  That only makes sense, 
especially now that subkeys are frequently used for signing.

I'm not so sure about include-revoked, though.  For that one, context matters.  
If the user is doing a --refresh-keys, then yes, revoked keys are necessary.  
If the user is searching by name for a key they don't currently have, then 
including revoked keys is noisy and potentially confusing (remember that anyone 
can fake a revocation for anyone else's key on a keyserver).

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
