On 06/23/2009 12:45 PM, franv wrote:
> I was wondering if it is possible to limit key propagation, that is the
> number of times a key can be exported and reimported.

A key is a piece of digital information; as such, it can be transferred
without loss an arbitrary number of times, and there's really no way to
prevent that (witness all the problems record companies have trying to
limit propagation of recordings they produce).

However, if you want to advise people that they should not export
signatures on your key, you can set the "no export" flag, making that
signature "local".

If you were to set that flag on your self-signature, then no one who
respects the intent of that flag would export the key itself, and
reasonable keyservers should not accept or store it, but I've never tried.

I'm not sure what you'd need to do to make sure that the non-exportable
flag was set on your self-signature with gpg.  If you sort it out, it
would be great if you could publish how you did it.

Note that this doesn't let you limit it to an arbitrary number of hops.
It simply requests that people do not propagate the certification (or
the associated key, if it's a self-sig), and reasonable clients should
respect that.

        --dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users