On 06/21/2010 06:32 PM, David Shaw wrote: > On Jun 21, 2010, at 6:11 PM, Alex Mauer wrote: > >> I see that there is currently the import-option "import-local-sigs" >> which obviously allows the import of key-signatures marked non-exportable. >> >> It seems to me that it would be helpful to have a variant of this, which >> would only allow import of local signatures where the corresponding >> secret key was already available, and for this behavior to be the default. > > Not only is it reasonable, it is already the case :)
Why is it more reasonable to auto-import local signatures if the secret
key of the issuer is available than otherwise?
I'm trying to understand the use case that you guys both seem to have
intuitively picked up. Some of the common use cases i've seen for
non-exportable sigs definitely do *not* have people importing them from
keys they control, so i'm not seeing why it's a special case.
Can you help me understand?
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
