Hello, I've spent some time trying to figure out how to make actual use of the web-of-trust (the "pgp" trust-model), and I am turning to this list for some advice, related to a couple of questions:

1. My public keyring has several thousand keys and "weighs" almost 500Mb. Every couple of runs, I'm told to run --check-trustdb, which takes several minutes to complete, then tells me that the next run will be in like 2 weeks, but three operations later, I'm again being asked to run --check-trustdb. The funny thing is that these operations are just message signing and authentication, sometimes decryption. However, parcimonie is running in the background, updating the keyring one key at a time. Is that the reason? If yes, is there any way to mitigate this? I've sketched out an idea under (3.) below, but maybe there's another way…?

2. I've also tried running --update-trustdb, but it seems that this process is *endless*. I have no idea how many keys remain, and I also got the impression that I keep seeing keys I already processed. How do you approach this? Or does everyone just use tofu these days?

3. Is there a way to run --check-trustdb or --update-trustdb not over the entire key graph, but only traversing to a certain depth starting from a specific key? Then I could tell parcimonie to run --check-trustdb for every key it imports, or have mutt run --update-trustdb for every key I want to use. This would iteratively achieve the job with the benefit that no cycles would be wasted processing trust for keys I never use. I understand --edit-key can be used to change the ownertrust, but I don't think it recomputes the WoT on change, does it? If there's no way to do this yet, would this be a useful addition to the UI, assuming it's technically possible?

4. Is there a tool to visualise or explain the computed validity of a key? I.e. one saying that e.g. Werner's key is valid because Daniel signed it, and I fully trust Daniel? There's wotsap, but I want to analyse my own keyring, not a .wot file…

5. Has anyone come up with a smart way to keep pubring/trustdb synchronised between multiple workstations?

Thanks for any insights!

--
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
darwinism is nothing without enough dead bodies.
spamtraps: madduck.bo...@madduck.net

_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users