Currently, users have a public keyring containing certificates acquired from many different sources. These certificates are often out of date, sometimes in minor ways, sometimes in large ones. Since many users now have always-on and fairly reliable internet connectivity, perhaps it makes sense to add a new option: "update-before-use" (and its corresponding "no-update-before-use").

This option would only be effective if a --keyserver option is also in use.

When the update-before-use option is in effect, GnuPG will, before any encryption or verification, attempt to download the latest version of that certificate from the keyserver. If one cannot be downloaded, GnuPG will display a warning message and continue to encrypt and/or verify using the certificate on the local keyring.

We already have something similar to this in --auto-key-retrieve, and the same warnings about that option probably also apply here. The principal difference would seem to be that auto-key-retrieve only fetches certificates that are not on the local keyring, while update-before-use would always fetch certificates.

Thoughts?  Objections?  "Sounds good, now write the patch?"

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
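
The behaviour proposed in the message above can be approximated with existing gpg commands; the following wrapper is an added example, not part of the original post and not GnuPG code. The function names, the placeholder keyserver URL, and having the caller pass the signer's key ID to `verify_updated` are assumptions of this example.

```shell
#!/bin/sh
# Emulates the proposed update-before-use behaviour with existing gpg commands.
# GPG and KEYSERVER can be overridden from the environment.
GPG="${GPG:-gpg}"
KEYSERVER="${KEYSERVER:-hkps://keys.example.org}"   # placeholder URL (assumption)

# refresh_key KEYID
# Try to fetch the latest copy of one certificate from the keyserver.
# Returns 0 on success. On failure, prints a warning and returns 1 so the
# caller can fall back to the copy already on the local keyring.
refresh_key() {
    if "$GPG" --batch --keyserver "$KEYSERVER" --refresh-keys "$1" >/dev/null 2>&1; then
        return 0
    fi
    echo "warning: could not update $1 from $KEYSERVER; using local copy" >&2
    return 1
}

# encrypt_updated RECIPIENT FILE
# Refresh the recipient's certificate, then encrypt. A failed refresh is
# not fatal: encryption proceeds with the local certificate.
encrypt_updated() {
    refresh_key "$1" || true
    "$GPG" --encrypt --recipient "$1" "$2"
}

# verify_updated SIGNER_KEYID SIGFILE [DATAFILE]
# Refresh the signer's certificate, then verify. The signer's key ID is
# supplied by the caller here (assumption made to keep the example short).
verify_updated() {
    signer=$1
    shift
    refresh_key "$signer" || true
    "$GPG" --verify "$@"
}
```

Because the refresh runs first, a revocation or new expiry date published on the keyserver is on the local keyring by the time gpg evaluates the certificate.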
