As discussed offline recently, auto-key-locate with any network transport is
very annoying to use, because it constantly stalls the client while it accesses
the network. My suggestion is to queue any network operations. This means that
the key will not be available for the current operation, but it will (probably)
be available in the future. Ideally, we wouldn't fire and forget, but wait up
to, say, 50 milliseconds (see [1] for why this is reasonable), before putting
the operation in the background. For encrypting messages, this won't work, but
for verifying signatures, this behavior will present a desirable tradeoff for
many users.

Two immediately obvious approaches are:

- When the network operation finishes, dirmngr then imports the key by calling
  gpg --import to import the key into the keyring.
- We store the result in a local DB. When we see the same query again, we
  simply return the result to the caller.

[1] https://www.nngroup.com/articles/response-times-3-important-limits/
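
The bounded wait and the local-DB approach described above, sketched as an added example (not part of the original post and not GnuPG or dirmngr code). `QueuedKeyLocator`, the `fetch` callable and the `located` table are hypothetical names, and an in-memory SQLite database stands in for the local DB.

```python
import sqlite3
import threading
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

WAIT_BUDGET = 0.050  # seconds; the 50 ms bound suggested in the post

class QueuedKeyLocator:
    """Bounded-wait key lookup; slow fetches finish in the background."""

    def __init__(self, fetch, budget=WAIT_BUDGET):
        self._fetch = fetch              # hypothetical network transport callable
        self._budget = budget
        self._pool = ThreadPoolExecutor(max_workers=4)
        self._lock = threading.Lock()    # guards the DB and the in-flight map
        self._inflight = {}              # query -> Future, dedupes repeated queries
        self._db = sqlite3.connect(":memory:", check_same_thread=False)
        self._db.execute("CREATE TABLE located (query TEXT PRIMARY KEY, keydata BLOB)")

    def _cached(self, query):
        with self._lock:
            row = self._db.execute(
                "SELECT keydata FROM located WHERE query = ?", (query,)).fetchone()
        return row[0] if row else None

    def _run(self, query):
        try:
            keydata = self._fetch(query)
            if keydata is not None:      # store the result for later queries
                with self._lock:
                    self._db.execute(
                        "INSERT OR REPLACE INTO located VALUES (?, ?)", (query, keydata))
            return keydata
        finally:
            with self._lock:
                self._inflight.pop(query, None)

    def locate(self, query):
        """Return key bytes, or None if the key is not (yet) available."""
        hit = self._cached(query)
        if hit is not None:
            return hit
        with self._lock:
            fut = self._inflight.get(query)
            if fut is None:              # first request for this query: queue it
                fut = self._inflight[query] = self._pool.submit(self._run, query)
        try:
            return fut.result(timeout=self._budget)
        except FutureTimeout:
            return None  # caller proceeds as "key unavailable"; fetch continues
```

A `None` return means the key was not available within the budget, so a signature check at that point reports a missing key rather than a bad signature; a later call for the same query is answered from the stored result.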