We already fetch configured trusted keys from an LDAP server if they are missing. However we don't do this for trusted keys from others organizations which could be detected by having a trust signature. This is easy to add but remember to add an option to disable this feature. it might be usefule to enable the feature only if a trusted-key is used. This would be similar to T7025.