key question

David Shaw dshaw at
Fri Feb 26 23:08:28 CET 2010

On Feb 26, 2010, at 4:10 PM, MFPA wrote:

>>> Just curious... Does support just mean it sets the
>>> bit?  Or will it turn an attempt to --send-keys on
>>> that key into a no-op?
>> Support means it gives the user the ability to set and
>> clear the bit (it is set by default).
> Would there not be some merit in honouring the flag by (at least)
> giving an extra warning to answer if you execute --send-keys to upload
> a key with that bit set?

I don't think so.  At best it's a false sense of security to block or warn on "gpg --send-keys xxxx" but not on (for example) "gpg --export xxxx" (which is then followed by by sending the key via a web browser or email).  It also doesn't affect PGP.  I'd rather not give the user the impression that this is more than it is.

Plus (and I'll admit to a level of amusement in this situation), virtually all keys generated with GPG have the no-modify bit set, as it's the default.  It would thus block/warn on most every key.


More information about the Gnupg-users mailing list