At 10:26 PM 1/8/96 +1100, Jiri Baum wrote:
2) I would like to see a program like private Idaho have the ability to send mail to the key server and grab all of the "unknown signator" keys. ...
This is very easy, at least in Unix: pgp -kvv, grep, cut, for.
In DOS, you can do pgp -kvv and find, then edlin to change every "sig" into "call getkey", call the resulting (batch) file, which will call GETKEY.BAT for every missing key. I hope.
This is about what I do now. I am writing a perl program that splits the requests up into seperate mail messages and dumps them out to the mail program dujour.
However, I don't see much of a point to it: these are people you don't even know the keys of; how are you going to know whether they are trustworthy? (The Web-o-Trust can only tell you who they are, not whether to trust them.)
True, but I hate seeing keys with 40 signatures on it and all of them read "Unknown Signator". (I am expecting someone to use "Unknown Signator" or "Key revoked" as a nym any day now.)
...
This would have the interesting effect of building a more complete keyring, while using the "web of trust" to weed out alot of the bogus keys that tend to crop up on the key servers. After n number of itenerations you would have more of the "important keys" and the ones that have little or no signage would be left to ...
No, you wouldn't. You would tend to have the keys that sign a lot of other keys, which would include both SLED (Four-11) and a lot of careless people that sign every key in sight.
Very good point! I was actually talking about the "incredibly bogus keys that stopped living and take up valuable keyserver space". Keys with names like "Wow! This is neat! I think I will create 3-4 keys a day!!!!!". (I actually wound up retrieving a key like this. They are pretty annoying...)
How about, instead:
3) A way to retrieve all the keys signed by a given entity.
This would have the effect that when you come to trust Alice, you can simply go and get all the keys she signed. I believe the present keyservers don't allow that... (Or else I don't know how to ask for it.)
I like that idea alot! That way you can retrieve keys signed by people you trust. (Would this be the "Web of Guilt by Association"?) It might have a downside or two... (Privacy for key signers? Job seekers denied a job because they signed the key of a known member of the four horsemen? "Are you or have you ever been a key signer for Tim May or one of his Tentacles?") Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction `finger -l alano@teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "Governments are potholes on the Information Superhighway." - Not TCMay