local signatures: should they be importable by default in some cases?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jun 22 08:36:26 CEST 2010


On 06/22/2010 02:00 AM, Doug Barton wrote:
> What do you think "local" signatures are, and what do you think they
> mean? (And no, I'm not trying to be snarky, you're asking about
> "intuition," so it makes sense to address the base assumptions.)

non-exportable certifications are simply certifications which keyservers
have been instructed to ignore.

>> I'm trying to understand the use case that you guys both seem to have
>> intuitively picked up.  Some of the common use cases i've seen for
>> non-exportable sigs definitely do *not* have people importing them from
>> keys they control, so i'm not seeing why it's a special case.
> 
> Can you elaborate on the usage you're describing?

I'm thinking of a situation involving three people: Alice, Bob, and Charlie.

Alice has met Bob in person and has verified his key.  Alice does not
want this information to be publicly available (e.g., she has concerns
about exposing a transparent social graph via the keyservers).  However,
Alice knows and trusts Charlie and wants to put Bob in touch with
Charlie, even though Charlie and Bob have never spoken before, and
certainly have not verified each others' keys.

Alice makes a non-exportable certification over Bob's key+userID, and
mails it to Charlie (in an encrypted message, of course).  Charlie
imports the certification.  Now even if Charlie does something like "gpg
--send $BobsKeyID", the fact that Alice has met Bob will not be publicly
exposed.

Seem like a reasonable use case for non-exportable certifications?

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100622/2db8b0f3/attachment.pgp>


More information about the Gnupg-users mailing list