ietf-openpgp

[openpgp] Unuploadable Keys

2015-07-15 09:22:03
Hi,

OpenPGP has support for local signatures.  It would be nice to have
something similar for keys as well.  The motivation for this feature
is: some people have keys that they don't want to have widely
distributed and training others to respect this is very difficult.

Concretely, it should be possible to mark a key as not exportable to a
keyserver or to provide a list of key servers (perhaps described using
regular expressions as per Section 8 of RFC 4880) to which it may be
exported.

  This could be implemented as a new signature subpacket.

  When the key is exported (e.g., using gpg2 --export KEYID), a
  warning should be issued that the key is not intended for public
  distribution.


I realize that this proposal is very informal.  However, I'd like to
hear if something like this is interesting for RFC 4880bis.  If so,
I'd be happy to try and come up with something more formal.

Thanks!

:) Neal

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
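
An added example, not part of the original message: a sketch of how an exporting client could enforce the signature subpacket proposed above. The subpacket type (100, from RFC 4880's private/experimental range), its body format, the function names and the sample data are all assumptions, since the post defines none of them.

```python
import re

# Assumption: type 100 is taken from RFC 4880's private/experimental range
# (100-110). The post proposes no type number or body format; this sketch uses
# a NUL-terminated regex per subpacket, and an empty body for "no keyserver".
KEYSERVER_POLICY = 100

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) per RFC 4880 section 5.2.3.1."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def _matches(pattern: str, keyserver: str) -> bool:
    try:  # Python's re stands in for the RFC 4880 section 8 regex syntax
        return re.fullmatch(pattern, keyserver) is not None
    except re.error:
        return False                         # fail closed on a bad pattern

def may_upload(area: bytes, keyserver: str) -> bool:
    """Decide whether a key carrying this subpacket area may go to keyserver."""
    bodies = [b for t, _crit, b in parse_subpackets(area) if t == KEYSERVER_POLICY]
    if not bodies:
        return True                          # unmarked key: no restriction
    patterns = [b.rstrip(b"\x00").decode("utf-8", "replace") for b in bodies]
    return any(p and _matches(p, keyserver) for p in patterns)

def subpacket(typ: int, body: bytes) -> bytes:
    """Encode one short subpacket (helper for the constructed samples)."""
    return bytes([len(body) + 1, typ]) + body

# Constructed sample areas: a creation-time subpacket (type 2), then the marker.
CREATED = subpacket(2, bytes(4))
UNMARKED = CREATED
NO_UPLOAD = CREATED + subpacket(KEYSERVER_POLICY, b"")
ALLOW_LIST = CREATED + subpacket(KEYSERVER_POLICY, rb"keys\.example\.org" + b"\x00")

if __name__ == "__main__":
    for name, area in [("unmarked", UNMARKED), ("no-upload", NO_UPLOAD), ("allow-list", ALLOW_LIST)]:
        print(name, may_upload(area, "keys.example.org"), may_upload(area, "pool.example.net"))
```

Under RFC 4880, software that does not know a subpacket type ignores it unless the critical bit is set, so a marker like this only binds clients that implement the check.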
