lsign produces exportable signatures when used for self-sigs

Fri Sep 13 16:40:26 CEST 2013

On Fri, Sep 13, 2013 at 3:29 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 09/13/2013 08:24 AM, Nicholas Cole wrote:
>
>> I don't think this is sensible.  What is the point of a UID that
>> cannot be used by someone else?  If the UID is shared with anyone else
>> (even privately), it must have a self-signature, and so that signature
>> must be exportable.
>
> It is possible to share non-exportable signatures between private users.
>  see --import-options import-local in gpg(1).  I know there are GnuPG
> users who prefer to avoid having their keys on the public keyservers
> entirely, and who are willing to accept the costs of doing manual key
> distribution using non-exportable certifications.
>
>> If gpg starts --exporting keys with
>> non-self-signed UIDs, this will be a step backwards.
>
> those keys will not be accepted by anyone as valid, and users will have
> had to jump through hoops to create them as such, so they know what
> they're getting themselves into.
>
>> I see what you are trying to achieve, but I don't think this is the
>> right way to do it.  The correct way would be to have keyservers
>> honour the no-modify flag,
>
> Nearly every key created by GnuPG in the last decade has had the
> no-modify flag set.  There was never consensus about exactly what it
> means, or how to interpret it: does it mean that keyservers need primary
> key approval before publishing a third-party certification on an OpenPGP
> cert?  if so, how does the primary keyholder express that approval?  And
> no keyservers ever implemented it, because there was no unambiguous
> mechanism *to* implement.
>
> interpreting it to mean "do not publish on the keyservers at all" would
> mean almost no keys would be on the keyservers.
>
>>  or perhaps have some notation on the ID
>> that prevents uploading to a public keyserver.
>
> We have that already.   It's having the "exportable" subpacket included
> in the certification, with the content set to 0, meaning
> "non-exportable".  That's what i'm trying to do.
>
>> I myself would favour the latter approach.

I'll admit your solution is ingenious. But all the same, I think you
are trying to overload one clearly defined feature of the openpgp spec
- a non-exportable signature - to try and force keyservers not to
store UIDs.  I really don't favour this approach at all.

Section 5.2.3.11. (Exportable Certification) of the openpgp spec very
clearly defines what "local" signatures are to be used for.  Your
solution works only because gpg provides a way to export even
non-exportable signatures, but that is not guaranteed by the spec.

If the no-modify flag is a dead-end, then (as I suggested) I think a
new notation that keyservers could honour is the the way forward on
this.