lsign produces exportable signatures when used for self-sigs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Sep 13 18:35:38 CEST 2013


On 09/13/2013 11:35 AM, Nicholas Cole wrote:
> Well. Why not trust your circle of contacts (because anyone using this
> scheme must be in a small circle) not to upload the keys to
> keyservers?
> 
> Perhaps if there is enough demand gpg could even have a "Never send
> these keys to keyservers" option in the config file, taking a list of
> fingerprints.

Because I want to be able to make it clear *to the keyservers*, not to
"the circle of contacts" that are using the key.  People make mistakes;
people change allegiances; people can be coerced.

I am talking about a statement made by the keyholder, about how they
want their key to propagate or not propagate.  We have a standard that
makes clear how to express this intent.  It makes sense to embed the
desired instructions in the key itself.

> Just a thought.  I'm against doing something that goes against the
> standard when there are other ways to achieve it.

I don't think anything that I have proposed here is in any way against
the standard.

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130913/a27bcb86/attachment.sig>


More information about the Gnupg-users mailing list