Key propagation

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 23 20:33:12 CEST 2009


On 06/23/2009 12:45 PM, franv wrote:
> I was wondering if it is possible to limit key propagation, that is the number 
> of times a key can be exported and reimported.

A key is a piece of digital information; as such, it can be transferred
without loss an arbitrary number of times, and there's really no way to
prevent that (witness all the problems record companies have trying to
limit propagation of recordings they produce).

However, if you want to advise people that they should not export
signatures on your key, you can set the "no export" flag, making that
signature "local".

If you were to set that flag on your self-signature, then no one who
respects the intent of that flag would export the key itself, and
reasonable keyservers should not accept or store it, but I've never tried.

I'm not sure what you'd need to do to make sure that the non-exportable
flag was set on your self-signature with gpg.  If you sort it out, it
would be great if you could publish how you did it.

Note that this doesn't let you limit it to an arbitrary number of hops.
It simply requests that people do not propagate the certification (or
the associated key, if it's a self-sig), and reasonable clients should
respect that.

	--dkg
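The "no export" flag discussed in this reply is the OpenPGP Exportable Certification signature subpacket (type 4, RFC 4880 section 5.2.3.11): a value of 0 marks the certification as local. The following script is an added illustration, not code from the thread or from GnuPG. It parses the subpacket area of a v4 signature packet and reports whether the certification is exportable; the packet builder and every field value in it (key ID, timestamp, hash prefix, MPI) are constructed dummies, not a real key or signature.

```python
"""Parse the subpacket area of an OpenPGP v4 signature (RFC 4880 sec. 5.2.3)
and report whether a certification carries the Exportable Certification
subpacket (type 4) set to 0, i.e. the "local" / "no export" flag.
Added example, not GnuPG code; the packets built below are constructed
by hand for illustration and are not real signatures."""
from __future__ import annotations

SUBPKT_SIG_CREATION_TIME = 2
SUBPKT_EXPORTABLE_CERT = 4
SUBPKT_ISSUER = 16


def parse_subpackets(area: bytes) -> list[tuple[int, bool, bytes]]:
    """Split a subpacket area into (type, critical-bit, body) triples."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # 1-octet length
            length, i = first, i + 1
        elif first < 255:                     # 2-octet length
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                 # 5-octet length
            length = int.from_bytes(area[i + 1:i + 5], "big")
            i += 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        type_octet = area[i]
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]))
        i += length
    return out


def unwrap_old_format_packet(raw: bytes) -> tuple[int, bytes]:
    """Strip an old-format packet header (RFC 4880 sec. 4.2.1); return (tag, body)."""
    ctb = raw[0]
    if ctb & 0xC0 != 0x80:
        raise ValueError("not an old-format packet")
    tag, length_type = (ctb >> 2) & 0x0F, ctb & 0x03
    if length_type == 0:
        length, start = raw[1], 2
    elif length_type == 1:
        length, start = int.from_bytes(raw[1:3], "big"), 3
    else:
        raise ValueError("length type not handled by this example")
    return tag, raw[start:start + length]


def certification_is_exportable(packet: bytes) -> bool:
    """True unless the hashed area carries Exportable Certification = 0.

    Only the hashed area is consulted: the unhashed area is not covered by
    the signature, so a flag placed there could be stripped or altered.
    """
    tag, body = unwrap_old_format_packet(packet)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a v4 signature packet")
    hashed_len = int.from_bytes(body[4:6], "big")
    hashed = body[6:6 + hashed_len]
    for sub_type, _critical, value in parse_subpackets(hashed):
        if sub_type == SUBPKT_EXPORTABLE_CERT:
            return value[0] != 0
    return True  # subpacket absent: exportable by default


def build_sample_certification(exportable: bool | None) -> bytes:
    """Constructed v4 positive certification (sig type 0x13) with dummy fields.
    exportable=None omits the subpacket entirely."""
    hashed = bytes([5, SUBPKT_SIG_CREATION_TIME]) + (0x4A410000).to_bytes(4, "big")
    if exportable is not None:
        hashed += bytes([2, SUBPKT_EXPORTABLE_CERT, 1 if exportable else 0])
    unhashed = bytes([9, SUBPKT_ISSUER]) + b"\x01\x02\x03\x04\x05\x06\x07\x08"  # dummy key ID
    body = (bytes([4, 0x13, 1, 8])                 # v4, positive cert, RSA, SHA-256
            + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed
            + b"\xab\xcd"                          # left 16 bits of the hash (dummy)
            + b"\x00\x08\xff")                     # one dummy MPI
    return bytes([0x88, len(body)]) + body          # old-format header: tag 2, 1-octet length


if __name__ == "__main__":
    for label, flag in (("local (no export)", False), ("exportable", True), ("flag absent", None)):
        pkt = build_sample_certification(flag)
        print(f"{label:18s} -> exportable={certification_is_exportable(pkt)}")
```

In GnuPG terms, `gpg --lsign-key` produces a certification with this subpacket set to 0, and `gpg --export` leaves such local signatures out unless `--export-options export-local-sigs` is given (with `--import-options import-local-sigs` on the receiving side); whether a self-signature can be made local that way is the open question in the reply above, and this script only shows how the flag is encoded and read.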
