[openpgp] Unuploadable Keys

"Neal H. Walfield" <neal@walfield.org> Wed, 15 July 2015 14:21 UTC

Date: Wed, 15 Jul 2015 16:21:52 +0200
Message-ID: <87a8uxlcvz.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: IETF OpenPGP <openpgp@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/p_2Fdx1W3WrlGXmwqMTXAfThzHY>
Subject: [openpgp] Unuploadable Keys

Hi,

OpenPGP has support for local signatures.  It would be nice to have
something similar for keys as well.  The motivation for this feature
is: some people have keys that they don't want to have widely
distributed and training others to respect this is very difficult.

Concretely, it should be possible to mark a key as not exportable to a
keyserver or to provide a list of key servers (perhaps described using
regular expressions as per Section 8 of RFC 4880) to which it may be
exported.

  This could be implemented as a new signature subpacket.

  When the key is exported (e.g., using gpg2 --export KEYID), a
  warning should be issued that the key is not intended for public
  distribution.


I realize that this proposal is very informal.  However, I'd like to
hear if something like this is interesting for RFC 4880bis.  If so,
I'd be happy to try and come up with something more formal.

Thanks!

:) Neal
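The export decision the proposal sketches, as an added worked example that is not part of Neal's message or of any OpenPGP implementation: the hypothetical subpacket is modelled as a dict of type "keyserver-policy" carrying an optional list of keyserver regular expressions (written as in RFC 4880 Section 8 and matched here with Python's re module, which accepts that syntax); no subpacket means the key is exportable as today, an empty list means no keyserver at all, and a plain local export still succeeds but produces the warning.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

WARNING = "this key is not intended for public distribution"


@dataclass
class KeyserverPolicy:
    # Hypothetical subpacket body: regexes (RFC 4880 Section 8 style) naming the
    # keyservers the key may be sent to; an empty list means "no keyserver".
    allowed_patterns: list = field(default_factory=list)


def find_policy(subpackets: list) -> Optional[KeyserverPolicy]:
    """Return the hypothetical 'keyserver-policy' subpacket from a self-signature, if present."""
    for sp in subpackets:
        if sp.get("type") == "keyserver-policy":
            return KeyserverPolicy(list(sp.get("allowed", [])))
    return None  # no such subpacket: behave as OpenPGP does today


def check_export(subpackets: list, destination: Optional[str]) -> tuple:
    """Decide whether a key with these self-signature subpackets may be sent to
    `destination` (a keyserver URL, or None for a local export such as
    `gpg2 --export KEYID`).  Returns (allowed, warning_or_None)."""
    policy = find_policy(subpackets)
    if policy is None:
        return True, None
    if destination is None:
        # Local export still works, but the user is warned, as the proposal suggests.
        return True, WARNING
    if any(re.search(pattern, destination) for pattern in policy.allowed_patterns):
        return True, None
    return False, WARNING


if __name__ == "__main__":
    # Constructed sample: a key restricted to one in-house keyserver.
    restricted = [{"type": "keyserver-policy", "allowed": [r"^hkps://keys\.example\.org$"]}]
    for dest in (None, "hkps://keys.example.org", "hkps://public.example.com"):
        print(dest, check_export(restricted, dest))
```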