[pkg-gnupg-maint] Bug#909693: Bug#909693: gpgsm: seems to be dead slow when verifying pkcs7-signatures from within Sylpheed
Francesco Poli
invernomuto at paranoici.org
Thu Sep 27 23:57:13 BST 2018
On Thu, 27 Sep 2018 09:36:47 +0200 Werner Koch wrote:
> On Wed, 26 Sep 2018 22:44, invernomuto at paranoici.org said:
>
> > While verifying an OpenPGP signature with gpg is definitely fast,
> > verifying a pkcs7-signature with gpgsm is super slow.
>
> Sure that it is the verification and not the CRL or OCSP revocation
> check?
I was not sure of anything, actually.
The only thing I knew is that the whole verification operation took a
long time to complete.
> It dependes on the issuer of the certifciate. Try with
> "disable-crl-checks" in gpgsm.conf? OCSP check are disabled by default.
I have just tried with
$ cat ~/.gnupg/gpgsm.conf
disable-crl-checks
and it became super-fast!
What does this mean?
It's clear that the CRL revocation check is the step that takes a long
time.
But what do I miss, if I permanently disable CRL revocation checks?
The man page states that disabling CRL checks is especially intended
for off-line operations (which is not my case, except for infrequent
cases).
So, is disabling CRL checks advisable or not?
As always, thanks a lot for your very prompt and helpful replies.
They are really appreciated!
I wish all upstream developers behaved like this...
--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20180928/3d3e8a2c/attachment.sig>
More information about the pkg-gnupg-maint
mailing list