local signatures: should they be importable by default in some cases?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 22 06:25:15 CEST 2010

On 06/21/2010 06:32 PM, David Shaw wrote:
> On Jun 21, 2010, at 6:11 PM, Alex Mauer wrote:
>> I see that there is currently the import-option "import-local-sigs"
>> which obviously allows the import of key-signatures marked non-exportable.
>> It seems to me that it would be helpful to have a variant of this, which
>> would only allow import of local signatures where the corresponding
>> secret key was already available, and for this behavior to be the default.
> Not only is it reasonable, it is already the case :)

Why is it more reasonable to auto-import local signatures if the secret
key of the issuer is available than otherwise?

I'm trying to understand the use case that you guys both seem to have
intuitively picked up.  Some of the common use cases I've seen for
non-exportable sigs definitely do *not* have people importing them from
keys they control, so I'm not seeing why it's a special case.

Can you help me understand?

