Key propagation

David Shaw dshaw at jabberwocky.com
Wed Jun 24 04:53:16 CEST 2009


On Jun 23, 2009, at 2:33 PM, Daniel Kahn Gillmor wrote:

> On 06/23/2009 12:45 PM, franv wrote:
>> I was wondering if it is possible to limit key propagation, that is the
>> number of times a key can be exported and reimported.
>
> A key is a piece of digital information; as such, it can be transferred
> without loss an arbitrary number of times, and there's really no way to
> prevent that (witness all the problems record companies have trying to
> limit propagation of recordings they produce).
>
> However, if you want to advise people that they should not export
> signatures on your key, you can set the "no export" flag, making that
> signature "local".
>
> If you were to set that flag on your self-signature, then no one who
> respects the intent of that flag would export the key itself, and
> reasonable keyservers should not accept or store it, but I've never tried.

Unfortunately, local signatures do not work that way.  Each  
implementation strips local signatures both on export and on import  
(just in case someone leaked one on export).  They just don't have  
anything to do with exporting keys.

David
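
The stripping described in the reply above, as an added example that is not part of the original message and is not GnuPG's code: a minimal RFC 4880 packet walker that drops certifications whose hashed "exportable certification" subpacket (type 4) is 0. The names `packets`, `is_local`, `strip_local` and `sample_sig` are hypothetical, the sample bytes are constructed, and partial or indeterminate packet lengths are assumed not to occur.

```python
SIG_TAG, EXPORTABLE = 2, 4  # signature packet tag; "exportable certification" subpacket

def packets(data):
    """Yield (tag, raw_packet, body) for each packet in a binary OpenPGP stream."""
    i = 0
    while i < len(data):
        start, hdr = i, data[i]
        if hdr & 0x40:                                  # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                n, i = first, i + 2
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                           # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate lengths are not handled here")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[start:i + n], data[i:i + n]
        i += n

def is_local(sig_body):
    """True when a v4 signature's hashed area marks it non-exportable (value 0)."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        return False
    i, end = 6, 6 + int.from_bytes(sig_body[4:6], "big")
    while i < end:
        n, i = sig_body[i], i + 1                       # subpacket length octet(s)
        if n == 255:
            n, i = int.from_bytes(sig_body[i:i + 4], "big"), i + 4
        elif n >= 192:
            n, i = ((n - 192) << 8) + sig_body[i] + 192, i + 1
        if n >= 2 and (sig_body[i] & 0x7F) == EXPORTABLE and sig_body[i + 1] == 0:
            return True                                 # bit 7 of the type is the critical flag
        i += max(n, 1)                                  # always advance, even on a zero length
    return False

def strip_local(data):
    """Drop every signature packet flagged non-exportable; keep everything else."""
    return b"".join(raw for tag, raw, body in packets(data) if tag != SIG_TAG or not is_local(body))

# Constructed sample, not real key material: a user ID, then a local and an exportable certification.
def sample_sig(flag):  # v4 certification, RSA/SHA-256 algorithm ids, dummy 1-bit MPI
    return bytes([0xC2, 16, 4, 0x10, 1, 8, 0, 3, 2, EXPORTABLE, flag, 0, 0, 0, 0, 0, 1, 1])
SAMPLE = bytes([0xCD, 5]) + b"alice" + sample_sig(0) + sample_sig(1)
```

Running the same filter on both the export and the import path is what makes a leaked local signature disappear on the receiving side; the key and user ID packets pass through untouched.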




More information about the Gnupg-users mailing list