lsign produces exportable signatures when used for self-sigs

Nicholas Cole nicholas.cole at gmail.com
Fri Sep 13 14:24:12 CEST 2013


On Fri, Sep 13, 2013 at 12:22 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> GnuPG is currently not able to create a non-exportable self-sig.  If you
> try to do this, it gives an error:
>
>   WARNING: the signature will not be marked as non-exportable.
>
> But: some people might never want their keys to be published to the public
> keyservers, or have some User IDs that they keep locally that they do
> not want to be transmitted via the keyserver network.
>
> AIUI, keyservers should reject keys that do not have a self-signature.
> Keyservers should also honor the "non-exportable" marker by rejecting
> OpenPGP certification packets that have the "exportable" subpacket
> included and set to 0.
>
> So the sensible thing for a keyholder who wants their key to stay off
> the keyservers would be to issue a non-exportable self-signature.

I don't think this is sensible.  What is the point of a UID that
cannot be used by someone else?  If the UID is shared with anyone else
(even privately), it must have a self-signature, and so that signature
must be exportable.  If gpg starts --exporting keys with
non-self-signed UIDs, this will be a step backwards.

I see what you are trying to achieve, but I don't think this is the
right way to do it.  The correct way would be to have keyservers
honour the no-modify flag, or perhaps have some notation on the ID
that prevents uploading to a public keyserver.  I myself would favour
the latter approach.

N.
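The keyserver-side check that Daniel's message describes (reject a certification packet whose Exportable Certification subpacket is present and set to 0) can be illustrated with a small parser. The following is an added example written for this archive page; it is not GnuPG code and not code from either poster. It parses only new-format, version 4 OpenPGP signature packets per RFC 4880 section 5.2.3, reads the hashed and unhashed subpacket areas, and reports the exportable flag (subpacket type 4, absent means exportable). The function names, the builder used to construct sample packets, the key ID and timestamp in the samples, and the dummy hash prefix and MPI are all assumptions made here for the example.

```python
"""Read the Exportable Certification flag from an OpenPGP v4 signature packet.

Added example, not GnuPG's implementation.  Packet framing follows RFC 4880:
new-format packet header (4.2.2), v4 signature body (5.2.3), subpacket
lengths (5.2.3.1), Exportable Certification subpacket type 4 (5.2.3.11).
"""
import struct
from dataclasses import dataclass

SIG_PACKET_TAG = 2
SUBPKT_CREATION_TIME = 2
SUBPKT_EXPORTABLE = 4
SUBPKT_ISSUER = 16


def _read_length(buf, pos):
    """Decode a new-format packet/subpacket length; returns (length, new_pos).
    Partial body lengths (first octet 224..254) are rejected as unsupported."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are not supported here")


def parse_subpackets(area):
    """Split a subpacket area into (type, critical, data) triples.
    The subpacket length covers the type octet plus its data."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = _read_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("malformed subpacket length")
        type_octet = area[pos]
        out.append((type_octet & 0x7F, bool(type_octet & 0x80),
                    bytes(area[pos + 1:pos + length])))
        pos += length
    return out


@dataclass
class SignatureInfo:
    sig_type: int
    hashed: list      # subpackets covered by the signature hash
    unhashed: list    # subpackets anyone can add or strip without detection


def parse_signature_packet(pkt):
    """Parse a new-format v4 signature packet up to its subpacket areas."""
    if pkt[0] & 0xC0 != 0xC0:
        raise ValueError("only new-format packet headers are handled here")
    if pkt[0] & 0x3F != SIG_PACKET_TAG:
        raise ValueError("not a signature packet")
    body_len, pos = _read_length(pkt, 1)
    body = pkt[pos:pos + body_len]
    if len(body) != body_len or body_len < 6:
        raise ValueError("truncated packet")
    if body[0] != 4:
        raise ValueError("only v4 signatures are handled here")
    sig_type = body[1]                      # body[2] = pubkey alg, body[3] = hash alg
    hlen = struct.unpack(">H", body[4:6])[0]
    p = 6 + hlen
    if p + 2 > len(body):
        raise ValueError("hashed subpacket area overruns packet")
    ulen = struct.unpack(">H", body[p:p + 2])[0]
    if p + 2 + ulen > len(body):
        raise ValueError("unhashed subpacket area overruns packet")
    return SignatureInfo(sig_type,
                         parse_subpackets(body[6:p]),
                         parse_subpackets(body[p + 2:p + 2 + ulen]))


def is_exportable(info):
    """RFC 4880 5.2.3.11: a missing flag means exportable.  Only the hashed
    area is consulted: a flag in the unhashed area is not signed, so it could
    be added to or removed from a third party's certification at will."""
    for stype, _critical, data in info.hashed:
        if stype == SUBPKT_EXPORTABLE:
            if len(data) != 1:
                raise ValueError("malformed Exportable Certification subpacket")
            return data[0] != 0
    return True


def keyserver_should_accept(pkt):
    """The acceptance rule discussed in the thread: drop certifications that
    carry exportable = 0."""
    return is_exportable(parse_signature_packet(pkt))


# --- constructed sample input (builder does not sign anything) --------------
def _subpacket(stype, data, critical=False):
    return bytes([len(data) + 1, stype | (0x80 if critical else 0)]) + data


def build_signature_packet(sig_type, hashed, unhashed=b""):
    """Wrap subpacket areas in a v4 signature body with a zero hash prefix and
    a dummy one-byte MPI, then in a one-octet-length new-format header."""
    body = bytes([4, sig_type, 1, 8])                 # v4, type, RSA, SHA-256
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\x00\x00"                               # left 16 bits of hash (dummy)
    body += b"\x00\x08\xff"                           # MPI: 8 bits, value 0xff (dummy)
    return bytes([0xC0 | SIG_PACKET_TAG, len(body)]) + body


CREATION = _subpacket(SUBPKT_CREATION_TIME, struct.pack(">I", 1379000000))  # constructed
ISSUER = _subpacket(SUBPKT_ISSUER, bytes.fromhex("0123456789abcdef"))      # constructed key ID
LOCAL_CERT = build_signature_packet(0x13, CREATION + _subpacket(SUBPKT_EXPORTABLE, b"\x00") + ISSUER)
EXPORTABLE_CERT = build_signature_packet(0x13, CREATION + ISSUER)
UNHASHED_ONLY = build_signature_packet(0x13, CREATION, unhashed=_subpacket(SUBPKT_EXPORTABLE, b"\x00"))

if __name__ == "__main__":
    for name, pkt in [("local", LOCAL_CERT), ("exportable", EXPORTABLE_CERT), ("unhashed-only", UNHASHED_ONLY)]:
        print(f"{name}: accept={keyserver_should_accept(pkt)}")
```

Consulting only the hashed area is the conservative choice: the unhashed area is outside the signed data, so honouring a flag found there would let anyone holding a copy of a certification change how a keyserver treats it. GnuPG places the flag it sets for local signatures in the hashed area, which is also where the thread's proposed keyserver rule would look.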
