On Apr 8, 2011, at 6:48 PM, Daniel Kahn Gillmor wrote:

> On 04/08/2011 02:19 PM, John Clizbe wrote:
>> There are additional options for the keyserver-options line. I recommend
>> adding
>> ' include-subkeys include-revoked import-clean'. See the gpg man page.
>
> Thanks for these pointers, John. If you think these are good options,
> maybe we should advocate for changing the defaults to include them?
>
> I support setting include-subkeys and include-revoked to on by default.
> The only reason these aren't more seriously problematic right now is
> that SKS (the dominant HKP implementation today) automatically searches
> subkeys and includes revoked keys. That is, these options have no
> effect when querying SKS keyservers.
>
> As a keyserver client, I think gpg should make it clear that it wants
> these options by default, in case any keyservers attempt to honor them.

I agree that include-subkeys should be on by default. That only makes sense, especially now that subkeys are frequently used for signing.

I'm not so sure about include-revoked, though. For that one, context matters. If the user is doing a --refresh-keys, then yes, revoked keys are necessary. If the user is searching by name for a key they don't currently have, then including revoked keys is noisy and potentially confusing (remember that anyone can fake a revocation for anyone else's key on a keyserver).

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
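
An added example, not part of the original message and not GnuPG code: a sketch of the context-dependent handling of revoked keys described in the reply above. It assumes the keyserver returns the HKP machine-readable index format from draft-shaw-openpgp-hkp-00; `select_keys`, its operation names and the sample keys are hypothetical.

```python
# Assumed input: HKP machine-readable index (draft-shaw-openpgp-hkp-00):
#   pub:<keyid>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags>
#   uid:<escaped uid>:<creationdate>:<expirationdate>:<flags>
# where flags may contain r (revoked), d (disabled), e (expired).
from urllib.parse import unquote

# Constructed sample response; key IDs and names are made up.
SAMPLE_INDEX = """\
info:1:3
pub:AAAAAAAAAAAAAAAA:1:2048:1262304000::
uid:Alice Example <alice@example.org>:1262304000::
pub:BBBBBBBBBBBBBBBB:17:1024:1104537600::r
uid:Alice Example (old key) <alice@example.org>:1104537600::
pub:CCCCCCCCCCCCCCCC:1:4096:1293840000:1325376000:e
uid:Bob Example <bob@example.org>:1293840000::
"""


def parse_index(text):
    """Parse pub/uid records into a list of dicts, one per primary key."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) >= 7:
            keys.append({"keyid": fields[1], "flags": set(fields[6]), "uids": []})
        elif fields[0] == "uid" and keys and len(fields) >= 2:
            # uid strings are percent-escaped, so ":" inside them is safe
            keys[-1]["uids"].append(unquote(fields[1]))
    return keys


def select_keys(keys, operation):
    """Hypothetical client policy following the reply above.

    refresh: keep revoked keys, because the revocation has to reach the
             local keyring to be checked there.
    search:  hide keys the server marks revoked, to cut noise. The flag is
             unauthenticated server data, so it is only a display hint.
    """
    if operation == "refresh":
        return list(keys)
    if operation == "search":
        return [k for k in keys if "r" not in k["flags"]]
    raise ValueError(f"unknown operation: {operation}")


if __name__ == "__main__":
    for op in ("search", "refresh"):
        print(op, [k["keyid"] for k in select_keys(parse_index(SAMPLE_INDEX), op)])
```
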