* options.skel: Document auto-key-locate and give a pointer to Simon

Josefsson's page for CERT.

2 files changed, 29 insertions, 0 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 395d39a6a..578435165 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2006-02-27  David Shaw  <[email protected]>
+
+	* options.skel: Document auto-key-locate and give a pointer to
+	Simon Josefsson's page for CERT.
+
 2006-02-24  David Shaw  <[email protected]>
 
 	* keydb.h, getkey.c (release_akl), gpg.c (main): Add
diff --git a/g10/options.skel b/g10/options.skel
index e9c0518a8..b72c7d523 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -216,3 +216,27 @@ keyserver hkp://subkeys.pgp.net
 # --gpg-agent-info=<path>:<pid>:1
 #
 # may be used to override it.
+
+# Automatic key location
+#
+# GnuPG can automatically locate and retrieve keys as needed using the
+# auto-key-locate option.  This happens when encrypting to an email
+# address (in the "[email protected]" form), and there are no
+# [email protected] keys on the local keyring.  This option takes the
+# following arguments, in the order they are to be tried:
+# 
+# cert = locate a key using DNS CERT, as specified in 2538bis
+# (currently in draft): http://www.josefsson.org/rfc2538bis/
+#
+# pka = locate a key using DNS PKA.
+#
+# ldap = locate a key using the PGP Universal method of checking
+# "ldap://keys.(thedomain)".
+#
+# keyserver = locate a key using whatever keyserver is defined using
+# the keyserver option.
+#
+# You may also list arbitrary keyservers here by URL.
+#
+# Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
+#auto-key-locate cert pka ldap hkp://subkeys.pgp.net