Key propagation
David Shaw
dshaw at jabberwocky.com
Wed Jun 24 16:32:40 CEST 2009
On Jun 24, 2009, at 12:21 AM, Daniel Kahn Gillmor wrote:
> On 06/23/2009 10:53 PM, David Shaw wrote:
>> Unfortunately, local signatures do not work that way. Each
>> implementation strips local signatures both on export and on import
>> (just in case someone leaked one on export). They just don't have
>> anything to do with exporting keys.
>
> Right, but a key with no valid self-sigs won't be imported either,
> right? If all self-sigs were marked non-exportable, wouldn't that
> limit the import (if not export) of the key itself?

A non-exportable self-sig would not be exported by the owner unless
they manually forced it to export. Similarly, those self-sigs would
not be imported by anyone else unless they manually forced it to
import. Similarly again, those self-sigs would not be re-exported
unless they were manually forced to export. And so on.

To say nothing of the fact that even if you did this, it just removes
the self-sigs, and a key is not required to have self-sigs to work!
The trust calculations will kick it out as invalid, but again, the
sender can ask for it to be used anyway.

It boils down to a very complicated way to say the same thing I said
before: "You can ask those people, nicely, to not give your key out to
anyone, but that's about it."

David
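
Added example, not part of the original message and not GnuPG's code: a sketch of how the "local" marking discussed above is carried as the Exportable Certification subpacket of an OpenPGP v4 signature (RFC 4880, section 5.2.3.11), and how stripping on export or import is a filter the software can be told to skip. The function names, the `keep_local` override and the sample packets are assumptions constructed for illustration.

```python
import struct

EXPORTABLE_CERTIFICATION = 4  # subpacket type, RFC 4880 section 5.2.3.11

def iter_subpackets(area):
    i = 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if i + hdr > len(area):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[i + 1] + 192
        else:
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
        i += hdr
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]  # mask the critical bit
        i += length

def is_local_signature(body):
    """True if a v4 signature body is marked non-exportable (hashed area only)."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("only v4 signature packets are handled")
    (hashed_len,) = struct.unpack(">H", body[4:6])
    if 6 + hashed_len > len(body):
        raise ValueError("truncated hashed area")
    for sp_type, data in iter_subpackets(body[6:6 + hashed_len]):
        if sp_type == EXPORTABLE_CERTIFICATION:
            return data == b"\x00"
    return False  # subpacket absent: exportable by default

def filter_for_transfer(sigs, keep_local=False):
    """Model of export/import stripping; keep_local is the manual override."""
    return [s for s in sigs if keep_local or not is_local_signature(s)]

def make_sig(hashed):
    """Constructed v4 signature body for the demo; not cryptographically valid."""
    return (bytes([4, 0x13, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + b"\x00\x00" + b"\xab\xcd" + b"\x00\x01\x01")

CREATED = bytes([5, 2]) + struct.pack(">I", 1245853960)   # constructed timestamp
SAMPLE_SIGS = [make_sig(CREATED),                          # no flag: exportable
               make_sig(CREATED + bytes([2, 4, 1])),       # flag = 1: exportable
               make_sig(CREATED + bytes([2, 4, 0])),       # flag = 0: local
               make_sig(CREATED + bytes([2, 0x84, 0]))]    # local, critical bit set
```

The flag only tells cooperating software what to drop; with the override set, all four constructed signatures pass through unchanged.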