Hello, I would like to suggest a new option for GnuPG (mainly intended for the config file) which would automatically try to import an update for the certificate if it has expired (both from the standard key server and from the preferred one if set).
I guess that many users don't understand that in case of certificate expiration it is often the solution to just refresh the certificate. This feature would avoid problems for these users (and encourage the use of expiration dates which IMHO is useful). Of course, this could be done in the GUIs but this seems to be a trivial extension and would avoid having to wait for all GUIs to care. And it's not on "high GUI level" but relevant for console usage, too. In the long term each certificate should get a timestamp entry in trustdb for the last update check. With that a new option could be defined which causes gpg to check for updates of a certain certificate if it is to be used and has not been checked for updates for more than x days. Refresh discipline seems to me to be a serious problem. And just checking the whole key ring every x days would be a waste of resources (especially on the key servers). Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users