Hello Kristian,
I hardly think that *any* client has the CA of sks installed per
default (nor would an average client care to).
it is part of gnupg 2.1 [0]
hm ... even if gnugpg 2.1 will check the CRL (i assume, you don't (plan
to) run an OCSP-server) ...
when i access the keyserver-pool using my browser to have an encrypted
channel to search/upload/... keys, the revocation-status of a
certificate should be checked.
currently (without the CRL) the expiration date is the only way my
browser knows, that the certficate is no longer valid.
... and ... yes ... gnug 2.1 is not "every client" ... ;-)
have a nice day ...
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
