lsign produces exportable signatures when used for self-sigs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Sep 13 16:43:19 CEST 2013


On 09/13/2013 10:17 AM, David Shaw wrote:
> On Sep 13, 2013, at 1:22 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> 
>> GnuPG is currently not able to create a non-exportable self-sig.  If you
>> try to do this, it gives an error:
>>
>> WARNING: the signature will not be marked as non-exportable.
> 
> This is by design (hence the warning message), as an unsigned user ID is not really meaningful as anyone could add it against the will of the keyholder, and a locally signed user ID is effectively unsigned.

I'm not advocating for keyservers to traffic in (or for gpg to export or
import by default) keys with unsigned user IDs.  That would be a Bad Thing.

What i'm asking for is to make it possible for people who do not want
their key on the keyservers, ever, to be able to explicitly state it in
their self-signatures.  I hope this will not be a large class of users,
but i know it is a non-empty set.

Regards,

	--dkg



More information about the Gnupg-users mailing list