local signatures: should they be importable by default in some cases?

David Shaw dshaw at jabberwocky.com
Tue Jun 22 15:27:39 CEST 2010


On Jun 22, 2010, at 12:25 AM, Daniel Kahn Gillmor wrote:

> On 06/21/2010 06:32 PM, David Shaw wrote:
>> On Jun 21, 2010, at 6:11 PM, Alex Mauer wrote:
>> 
>>> I see that there is currently the import-option "import-local-sigs"
>>> which obviously allows the import of key-signatures marked non-exportable.
>>> 
>>> It seems to me that it would be helpful to have a variant of this, which
>>> would only allow import of local signatures where the corresponding
>>> secret key was already available, and for this behavior to be the default.
>> 
>> Not only is it reasonable, it is already the case :)
> 
> Why is it more reasonable to auto-import local signatures if the secret
> key of the issuer is available than otherwise?
> 
> I'm trying to understand the use case that you guys both seem to have
> intuitively picked up.  Some of the common use cases i've seen for
> non-exportable sigs definitely do *not* have people importing them from
> keys they control, so i'm not seeing why it's a special case.

The definition of a local, or non-exportable, signature is one that is not intended (for whatever reason) to be used by someone other than the issuer.  Perhaps I should say the "original" definition, as with many other things, people can come up with creative uses for it that were not specifically discussed in the standard.

In any event, if a signature is not intended to be used by someone other than the issuer, then it is reasonable that the issuer (or in practice, someone who possesses the issuing secret key) should be able to import the signature without it being stripped off.  After all, it's a signature made by themselves for their own benefit.

David
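
The import rule described in this message, as an added example that is not part of the original post and is not GnuPG's own code: a small model that reads a v4 signature packet body (RFC 4880 layout), checks the hashed Exportable Certification subpacket, and keeps a local signature only when the issuer's key ID is among the secret keys held. The function names, the `secret_keyids` set and the key IDs are assumptions made for illustration, and the model matches the issuer by key ID only, without verifying the signature.

```python
import struct

EXPORTABLE_CERT = 4  # RFC 4880 5.2.3.11: one octet, 0 means local (non-exportable)
ISSUER = 16          # RFC 4880 5.2.3.5: 8-octet key ID of the issuing key

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + length]  # drop the critical bit
        i += length

def keep_on_import(sig_body, secret_keyids, import_local_sigs=False):
    """Model of the rule: True if the signature is kept, False if stripped."""
    if sig_body[0] != 4:
        raise ValueError("only v4 signature packets are handled")
    hlen = struct.unpack(">H", sig_body[4:6])[0]
    hashed = sig_body[6:6 + hlen]
    ulen = struct.unpack(">H", sig_body[6 + hlen:8 + hlen])[0]
    unhashed = sig_body[8 + hlen:8 + hlen + ulen]
    # The exportable flag only counts in the hashed (signed) area.
    local = any(t == EXPORTABLE_CERT and d == b"\x00" for t, d in subpackets(hashed))
    issuer = None
    for t, d in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if t == ISSUER and len(d) == 8:
            issuer = d.hex().upper()
    if not local or import_local_sigs:
        return True
    # Local signature: keep it only when we hold the issuer's secret key.
    return issuer in secret_keyids

def make_sig(issuer_hex, exportable):
    """Constructed sample: v4 certification body (type 0x10) with a dummy MPI."""
    hashed = b"" if exportable else bytes([2, EXPORTABLE_CERT, 0])
    unhashed = bytes([9, ISSUER]) + bytes.fromhex(issuer_hex)
    return (bytes([4, 0x10, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00\x00\x01\x01")

MINE, OTHER = "1111111111111111", "2222222222222222"  # constructed key IDs
```
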



