Key propagation

franv franv at desart.ca
Tue Jun 23 23:59:57 CEST 2009


Thanks for the answer, Daniel.

That's more or less what I thought. Even though I could retain control of 
the exported key file, once it is imported on the other computer it is of 
course written to the gpg conf files, which could in turn be copied to 
another computer...

Franv

On Tuesday 23 June 2009 11:33:12 Daniel Kahn Gillmor wrote:
> On 06/23/2009 12:45 PM, franv wrote:
> > I was wondering if it is possible to limit key propagation, that is the
> > number of times a key can be exported and reimported.
>
> A key is a piece of digital information; as such, it can be transferred
> without loss an arbitrary number of times, and there's really no way to
> prevent that (witness all the problems record companies have trying to
> limit propagation of recordings they produce).
>
> However, if you want to advise people that they should not export
> signatures on your key, you can set the "no export" flag, making that
> signature "local".
>
> If you were to set that flag on your self-signature, then no one who
> respects the intent of that flag would export the key itself, and
> reasonable keyservers should not accept or store it, but I've never tried.
>
> I'm not sure what you'd need to do to make sure that the non-exportable
> flag was set on your self-signature with gpg.  If you sort it out, it
> would be great if you could publish how you did it.
>
> Note that this doesn't let you limit it to an arbitrary number of hops.
> It simply requests that people do not propagate the certification (or
> the associated key, if it's a self-sig), and reasonable clients should
> respect that.
>
> 	--dkg
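
Added example, not part of the original messages and not GnuPG's own code: the "no export" flag discussed in the quoted reply is the Exportable Certification subpacket (type 4) that RFC 4880 defines in a signature's hashed subpacket area, and the Python below shows how an exporting client that honours it would filter signatures. The function names and the sample byte strings are constructed for illustration.

```python
import struct

EXPORTABLE_CERTIFICATION = 4  # subpacket type, RFC 4880 section 5.2.3.11

def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        # The length counts the type octet; its top bit is the critical flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def is_exportable(hashed_area):
    """Exportable unless subpacket 4 is present with value 0 (a local signature)."""
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type == EXPORTABLE_CERTIFICATION:
            if len(body) != 1:
                raise ValueError("exportable certification must be one octet")
            return body[0] != 0
    return True

def filter_for_export(signatures):
    """Names of the signatures a client honouring the flag would export."""
    return [name for name, hashed in signatures if is_exportable(hashed)]

# Constructed sample hashed areas (not taken from any real key).
CREATED = bytes([5, 2]) + struct.pack(">I", 1245794397)  # creation time subpacket
LOCAL = bytes([2, 4, 0])             # exportable certification = 0
EXPLICIT = bytes([2, 0x80 | 4, 1])   # critical bit set, value 1
SAMPLE = [("self-sig", CREATED), ("local-cert", CREATED + LOCAL),
          ("public-cert", CREATED + EXPLICIT)]

if __name__ == "__main__":
    print(filter_for_export(SAMPLE))
```

Nothing in the packet enforces the flag: a client that skips this filter exports the signature unchanged, which is the advisory behaviour the reply describes.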



