local signatures: should they be importable by default in some cases?

Doug Barton dougb at dougbarton.us
Tue Jun 22 08:00:22 CEST 2010

On Tue, 22 Jun 2010, Daniel Kahn Gillmor wrote:

> On 06/21/2010 06:32 PM, David Shaw wrote:
>> On Jun 21, 2010, at 6:11 PM, Alex Mauer wrote:
>>> I see that there is currently the import-option "import-local-sigs"
>>> which obviously allows the import of key-signatures marked non-exportable.
>>> It seems to me that it would be helpful to have a variant of this, which
>>> would only allow import of local signatures where the corresponding
>>> secret key was already available, and for this behavior to be the default.
>> Not only is it reasonable, it is already the case :)
> Why is it more reasonable to auto-import local signatures if the secret
> key of the issuer is available than otherwise?

What do you think "local" signatures are, and what do you think they 
mean? (And no, I'm not trying to be snarky, you're asking about 
"intuition," so it makes sense to address the base assumptions.)

> I'm trying to understand the use case that you guys both seem to have
> intuitively picked up.  Some of the common use cases i've seen for
> non-exportable sigs definitely do *not* have people importing them from
> keys they control, so i'm not seeing why it's a special case.

Can you elaborate on the usage you're describing?



 	Improve the effectiveness of your Internet presence with
 	a domain name makeover!    http://SupersetSolutions.com/

 	Computers are useless. They can only give you answers.
 			-- Pablo Picasso

More information about the Gnupg-users mailing list