local signatures: should they be importable by default in some cases?

[Grant Olson]

On 6/22/10 12:25 AM, Daniel Kahn Gillmor wrote:
> On 06/21/2010 06:32 PM, David Shaw wrote:
>> On Jun 21, 2010, at 6:11 PM, Alex Mauer wrote:
>>
>>> I see that there is currently the import-option "import-local-sigs"
>>> which obviously allows the import of key-signatures marked non-exportable.
>>>
>>> It seems to me that it would be helpful to have a variant of this, which
>>> would only allow import of local signatures where the corresponding
>>> secret key was already available, and for this behavior to be the default.
>>
>> Not only is it reasonable, it is already the case :)
> 
> Why is it more reasonable to auto-import local signatures if the secret
> key of the issuer is available than otherwise?
> 
> I'm trying to understand the use case that you guys both seem to have
> intuitively picked up.  Some of the common use cases i've seen for
> non-exportable sigs definitely do *not* have people importing them from
> keys they control, so i'm not seeing why it's a special case.
> 
> Can you help me understand?
> 

To me a local sig is basically saying, "I'm signing this key as a
convenience, but I haven't done proper verification, so I'm not going to
publicly vouch for this key."  In that case, the only local sigs I can
trust are the ones that I myself created.  And if I have the public key
that's a pretty good indication that the local signature came from me.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 559 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100622/a0da07e3/attachment.pgp>