AFTER THE PARTY [was Re: ANNOUNCEMENT: Bay Area Debian Get-Together and Key-signing Party]

M. Drew Streib dtype@dtype.org
Tue, 10 Jul 2001 21:38:06 +0000


On Tue, Jul 10, 2001 at 02:27:16PM -0700, Tony Godshall wrote:
> Q2: One FM says that keyservers exchange keys amongst each
> other so there's no point submitting to multiple key
> servers.  Does this mean the debian keyserver now has them
> too or does it not participate in the key exchanging?
> Or does the debian keyserver not participate with the
> pgp.net keyservers?

I don't believe that the Debian keyserver syncs with pgp.net,
but is for developer keys only. Please someone correct me if
I'm wrong.

> Q4: How do I check if my key has been signed according to
> the keyservers?

gpg --keyserver name.of.keyserver --recv-keys YOURKEYID

> Q5: Which keyserver should I put in my ~/gnupg/options: the
> pgp.net one or the debian one.  It only seems to check one
> of them when I read mail in mutt.

I believe (biased, but probably true) that pgp.dtype.org
(wwwkeys.us.pgp.net) is the best connected and most complete
ring in the US, and one of the most connected few in the world.
It is connected with SURFnet (nl), MIT, GATech (Peter Wan), and
soon keyserver/certserver.pgp.com (NAI).

> Q6: (perhaps off-topic) Is there a procmail or fetchmail
> recipe I can use to have gpg go fetch/check keys when the
> mail arrives on my system (occasionally it is annoying
> waiting for gpg to retrieve keys when reading messages is
> sometimes annoying).  I've searched a bunch of mailing list
> archives but all I seem to find are recipes to encrypt or
> sign outgoing mail automatically.

Use a fast keyserver and the delay should be minimal.

If you want to pull new sigs from all the keys in your ring, try the
following perl.

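#!/usr/bin/perl
use strict;
use warnings;

# List every key in the local ring; gpg 1.0.x prints pub lines
# as "pub  <bits><R|D>/<8-hex-digit key ID> <date> <user ID>".
my $raw = `gpg --list-keys`;

my @line = split(/\n/, $raw);

for my $l (@line) {
        # [RD] accepts both RSA and DSA primary keys; the hex-only
        # capture keeps anything else out of the shell command below.
        if ($l =~ /[RD]\/([0-9A-Fa-f]{8}) /) {
                print "Updating $1...\n";
                print `gpg --keyserver pgp.dtype.org --recv-keys $1`;
        }
}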

-drew

-- 
M. Drew Streib <dtype@dtype.org> | http://dtype.org/
FSG <dtype@freestandards.org>    | Linux International <dtype@li.org>
freedb <dtype@freedb.org>        | SourceForge <dtype@sourceforge.net>
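
Added example, not part of the original message: for Q4, once --recv-keys has pulled the key back from the keyserver, the new signatures can be listed from gpg's machine-readable output. The function names and the sample listing are constructed for illustration; the field positions follow gpg's --with-colons format (field 5 is the key ID, field 10 the user ID).

```shell
#!/bin/sh
# Reads `gpg --with-colons --list-sigs KEYID` output on stdin and prints
# one line per third-party signer: "<signer key ID> <signer user ID>".
third_party_sigs() {
    awk -F: '
        # Primary key record: remember its ID so self-signatures can be skipped.
        $1 == "pub" { own = $5; next }
        # Signature record made by another key, reported once per signer.
        $1 == "sig" && $5 != own && !seen[$5]++ {
            name = ($10 == "" ? "[unknown]" : $10)
            print $5, name
        }
    '
}

# Constructed sample listing (not real keys): one self-signed key carrying
# signatures from two other keys, one of which is not in the local ring.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAA11111111:2001-07-01:::u:Alice Example <alice@example.org>::
sig:::17:AAAAAAAA11111111:2001-07-01::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBB22222222:2001-07-10::::Bob Example <bob@example.org>:10x:
sig:::17:CCCCCCCC33333333:2001-07-10::::[User id not found]:10x:
sig:::17:BBBBBBBB22222222:2001-07-10::::Bob Example <bob@example.org>:10x:
sub:u:1024:16:DDDDDDDD44444444:2001-07-01::::::
sig:::17:AAAAAAAA11111111:2001-07-01::::Alice Example <alice@example.org>:18x:
EOF
}

# Offline demonstration on the constructed sample:
sample_listing | third_party_sigs

# Live use, after refreshing the key from a keyserver:
#   gpg --with-colons --list-sigs YOURKEYID | third_party_sigs
```

Listing a signature does not verify it; running gpg with --check-sigs in place of --list-sigs also checks each signature against the keys in the local ring.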
