local signatures: should they be importable by default in some cases?
Jameson Rollins
jrollins at finestructure.net
Tue Jun 22 16:13:39 CEST 2010
On Tue, 22 Jun 2010 09:51:58 -0400, Jameson Rollins <jrollins at finestructure.net> wrote:
> I think the situation Daniel points out is one of the better usages for
> local signatures, and probably the main reason for having them in the
> first place.
Actually, looking at the RFC 4880 now, I see that the original
definition definitely was that local signatures were intended to *only*
be used by the issuer. From section 5.2.3.11 [0]:

    Non-exportable, or "local", certifications are signatures made by a
    user to mark a key as valid within that user's implementation only.
    Thus, when an implementation prepares a user's copy of a key for
    transport to another user (this is the process of "exporting" the
    key), any local certification signatures are deleted from the key.
    The receiver of a transported key "imports" it, and likewise trims any
    local certifications.

jamie.
[0] http://tools.ietf.org/html/rfc4880#section-5.2.3.11
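
The following is an added example, not part of the original message and not GnuPG's code: it applies the trimming rule quoted above from RFC 4880 section 5.2.3.11 by walking a signature's subpacket area (length encoding per section 5.2.3.1) and dropping certifications whose Exportable Certification subpacket (type 4) is 0. The function names and sample subpacket areas are constructed for illustration, and reading the flag from the hashed area only is an assumption of this example.

```python
# Added example: subpacket layout per RFC 4880 sections 5.2.3.1 and 5.2.3.11.
EXPORTABLE_CERTIFICATION = 4  # subpacket type; body is one octet, 0 = local

def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        type_octet = area[i]                  # length counts this type octet
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length

def is_local(hashed_area: bytes) -> bool:
    """True if the signature carries Exportable Certification = 0."""
    for sp_type, _critical, body in iter_subpackets(hashed_area):
        if sp_type == EXPORTABLE_CERTIFICATION:
            if len(body) != 1:
                raise ValueError("exportable certification must be one octet")
            return body[0] == 0
    return False                              # absent subpacket means exportable

def trim_local(certifications):
    """Drop local certifications, as the RFC describes for export and import."""
    return [(name, area) for name, area in certifications if not is_local(area)]

# Constructed sample hashed areas (not taken from any real key).
CREATION_TIME = bytes([5, 2]) + (1277215919).to_bytes(4, "big")
SAMPLE = [
    ("exportable-by-default", CREATION_TIME),
    ("explicitly-exportable", CREATION_TIME + bytes([2, 4, 1])),
    ("local", CREATION_TIME + bytes([2, 4, 0])),
    ("local-critical", CREATION_TIME + bytes([2, 0x84, 0])),
]

if __name__ == "__main__":
    print([name for name, _ in trim_local(SAMPLE)])
```

The same filter serves both directions the RFC text names: applied before export it strips the issuer's local certifications, and applied on import it discards any that a sender failed to strip.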