in reply to Crypt::PGPSimple - keyring management
if you're sending the public keys around like that, you'll be opening the system up to man-in-the-middle attacks.
PKI is usually the hardest part of a system to get right. what you need is to either have the public keys distributed beforehand in a trusted manner (eg, you manually scp copies to each machine) or have them centrally distributed from a trusted source (maybe a webserver with SSL). in either of those cases, you wouldn't need to bother sending the public key itself, just the id of the key. another alternative would be to have a central signing authority that would sign all of the keys beforehand, then you could just require that anyone trying to connect have a public key signed by this authority.
is there any reason you feel you have to use PGP and not something like SSL which is actually designed for encrypting socket connections like this (PGP is going to be slow in this application) and that probably has a more convenient (and proven) PKI?
if you stick with PGP, you definitely should at least have each of the machines cache the public keys so they only need to be sent once. after the first time machines connect to each other and exchange keys, they would just identify themselves by name or id and not have to re-send keys all the time. this would be more efficient and even reduce the window of opportunity for a MIM attack to that first key exchange.
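An added illustration of the caching approach described in the reply above (this is not code from the thread or from Crypt::PGPSimple): a trust-on-first-use cache that stores a peer's key on the first exchange, lets later connections identify by id only, and refuses any re-sent key that differs from the cached one. The fingerprint is a SHA-256 over the raw key bytes as a stand-in for a real PGP fingerprint; the cache file path and peer ids are constructed for the example.

```python
"""Trust-on-first-use (TOFU) cache for peer public keys.

Added example, not part of Crypt::PGPSimple. A peer's key is accepted once,
on first contact; afterwards the peer only needs to send its id, and a key
that differs from the cached one is rejected instead of silently replacing
it. This confines the man-in-the-middle window to the first exchange.
"""
import hashlib
import json
from pathlib import Path
from typing import Optional


def fingerprint(public_key: bytes) -> str:
    # Stand-in for a real PGP key fingerprint: SHA-256 over the raw key bytes.
    return hashlib.sha256(public_key).hexdigest()


class KeyCache:
    def __init__(self, path: Path):
        # Persist the cache so the key only has to be exchanged once per peer.
        self.path = path
        self.keys = json.loads(path.read_text()) if path.exists() else {}

    def _save(self) -> None:
        self.path.write_text(json.dumps(self.keys, indent=2))

    def first_contact(self, peer_id: str, public_key: bytes) -> str:
        """Record a key for a peer never seen before; never overwrite."""
        if peer_id in self.keys:
            raise ValueError(f"{peer_id} already has a cached key; not replacing it")
        self.keys[peer_id] = {"fingerprint": fingerprint(public_key),
                              "key": public_key.hex()}
        self._save()
        return self.keys[peer_id]["fingerprint"]

    def lookup(self, peer_id: str) -> Optional[bytes]:
        """Later connections identify by id only; return the cached key."""
        entry = self.keys.get(peer_id)
        return bytes.fromhex(entry["key"]) if entry else None

    def verify(self, peer_id: str, presented_key: bytes) -> bool:
        """If a known peer re-sends a key, it must match the cached one."""
        entry = self.keys.get(peer_id)
        return entry is not None and entry["fingerprint"] == fingerprint(presented_key)
```

The first-contact key should still be checked out of band (for example by comparing fingerprints over a channel you already trust), since TOFU only protects connections after that point.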