I have thought of an interesting issue which has to date not been
mentioned which is the following:
** Methods to check the status of public keys on one's public keychain.
Several weeks ago when I had to revoke several of my pgp keys I asked
myself if there was any way of notifying people who send me pgp messages
that my "public" key had been changed.
The only answer I could think of was to email everyone and inform them.
However another method would be preferable. Ideally if the "public" keys
in one's keychain could be verified/updated with those in a particular
keyserver than one would know if a key is still valid.
1. (local) keychain with public keys A, B, C
2. Key A has been revoked and sent to keyserver
3. user performs (local) public key "refresh"
a. public keys in local keychain are checked against keyserver
b. existing keys are checked to see if valid
c. existing keys if invalid -> "updated key" fetched
4. One now knows which locally held keys are "valid" (when compared vs.
I am curious as to why this "verification" is not present in any of the
pgp implentations to this date. Should it be in a future implementation?