Key Eater Needed. NOT!

Pat Farrell pfarrell at netcom.com
Sun Apr 17 12:46:01 PDT 1994


Matthew J Ghio <mg5n+ at andrew.cmu.edu> writes:
> How about people just keep their keys, and the signatures, but they
> re-sign their own keys every six months or so?  In order to keep their
> keys on the keyserver, they must submit a PGP signed message to prove
> that they still have that key. If they don't, the key is assumed to be
> lost, and it is deleted.

I have no problem with periodic deletion of keys from keyservers. They are
interesting, but not a very important part of strong crypto (IMHO).

My objection is to anything that makes the key itself invalid over a period
that I don't choose.

I'm not sure what problem you are trying to solve. Loading the whole public
ring from the servers exceeds my definition of reasonable processing now.
Since the number of keys keeps growing, I expect that it will never be
SOP to munge all of them. You will get keys directly, or get a few specific
ones on demand.

If you're just trying to save disk space on the keyservers, I'm not all that
sure it is worth the effort. Disks are cheap, and getting cheaper. But
your approach is as good as any. I know there are lots of keys on the
servers that are no longer active -- I collected a few hundred that I
exchanged with Phil K two years ago, and know many are unused starting with
strnlght, the folks at CERT, and Brad Cox's key of that vintage. Even if a
fair percentage, say 25%, are dead, the savings are pretty trivial.

Pat

Pat Farrell      Grad Student                 pfarrell at cs.gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key available via finger         #include <standard.disclaimer>





