local signatures: should they be importable by default in some cases?

Jameson Rollins jrollins at finestructure.net
Tue Jun 22 16:13:39 CEST 2010

On Tue, 22 Jun 2010 09:51:58 -0400, Jameson Rollins <jrollins at finestructure.net> wrote:
> I think the situation Daniel points out is one of the better usages for
> local signatures, and probably the main reason for having them in the
> first place.

Actually, looking at the RFC 4880 now, I see that the original
definition definitely was that local signatures were intended to *only*
be used by the issuer.  From section [0]:

  Non-exportable, or "local", certifications are signatures made by a
  user to mark a key as valid within that user's implementation only.

  Thus, when an implementation prepares a user's copy of a key for
  transport to another user (this is the process of "exporting" the
  key), any local certification signatures are deleted from the key.

  The receiver of a transported key "imports" it, and likewise trims any
  local certifications.


[0] http://tools.ietf.org/html/rfc4880#section-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: </pipermail/attachments/20100622/ed91e3ea/attachment.pgp>

More information about the Gnupg-users mailing list