diff --git a/g10/ChangeLog b/g10/ChangeLog index cf664145c..af25eb9a3 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,18 @@ 2002-07-22 David Shaw + * options.h, main.h, export.c (parse_export_options, + do_export_stream), g10.c (main): add new --export-options option. + Current flags are "include-non-rfc", "include-local-sigs", + "include-attributes", and "include-sensitive-revkeys". + + * options.h, hkp.c (hkp_export), keyserver.c + (parse_keyserver_options, keyserver_spawn): try passing unknown + keyserver options to export options, and if successful, use them + when doing a keyserver --send-key. + + * build-packet.c (build_sig_subpkt): We do not generate + SIGSUBPKT_PRIV_VERIFY_CACHE anymore. + * revoke.c (gen_desig_revoke): Lots more comments about including sensitive revkeys along with the revocation sig itself. diff --git a/g10/build-packet.c b/g10/build-packet.c index fd1540528..e7bc3f638 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -763,8 +763,10 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, nlen = 1; /* just a 1 byte length header */ switch( type ) { - case SIGSUBPKT_ISSUER: case SIGSUBPKT_PRIV_VERIFY_CACHE: /*(obsolete)*/ + BUG(); + break; + case SIGSUBPKT_ISSUER: hashed = 0; break; default: diff --git a/g10/export.c b/g10/export.c index 83e6b970e..853be3b96 100644 --- a/g10/export.c +++ b/g10/export.c 
@@ -34,21 +34,65 @@ #include "main.h" #include "i18n.h" -static int do_export( STRLIST users, int secret, int flags ); +static int do_export( STRLIST users, int secret, unsigned int options ); static int do_export_stream( IOBUF out, STRLIST users, - int secret, int flags, int *any ); + int secret, unsigned int options, int *any ); + +int +parse_export_options(char *str,unsigned int *options) +{ + char *tok; + int hit=0; + struct + { + char *name; + unsigned int bit; + } export_opts[]= + { + {"include-non-rfc",EXPORT_INCLUDE_NON_RFC}, + {"include-local-sigs",EXPORT_INCLUDE_LOCAL_SIGS}, + {"include-attributes",EXPORT_INCLUDE_ATTRIBUTES}, + {"include-sensitive-revkeys",EXPORT_INCLUDE_SENSITIVE_REVKEYS}, + {NULL,0} + /* add tags for include revoked and disabled? */ + }; + + while((tok=strsep(&str," ,"))) + { + int i,rev=0; + + if(ascii_memcasecmp("no-",tok,3)==0) + rev=1; + + for(i=0;export_opts[i].name;i++) + { + if(ascii_strcasecmp(export_opts[i].name,tok)==0) + { + if(rev) + *options&=~export_opts[i].bit; + else + *options|=export_opts[i].bit; + hit=1; + break; + } + } + + if(!hit && !export_opts[i].name) + return 0; + } + + return hit; +} /**************** * Export the public keys (to standard out or --output). * Depending on opt.armor the output is armored. - * flags has two bits: EXPORT_FLAG_ONLYRFC, so that only RFC2440 - * compatible keys are exported, and EXPORT_FLAG_SKIPATTRIBS to not - * export attribute packets (photo IDs). + * options are defined in main.h. * If USERS is NULL, the complete ring will be exported. */ int -export_pubkeys( STRLIST users, int flags ) +export_pubkeys( STRLIST users, unsigned int options ) { - return do_export( users, 0, flags ); + return do_export( users, 0, options ); } /**************** 
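Review bot: In parse_export_options the `no-` prefix is detected but `tok` is never advanced past it, so a negated name such as `no-include-attributes` is compared whole against the table and cannot match; `rev` is effectively dead. `hit` is also never reset per token, so once one name has matched, any later unknown token passes the `!hit && !export_opts[i].name` check and the function still reports success. Because `*options` is updated in place, a string rejected on a later token has already changed the caller's flags. These options decide whether local signatures and sensitive revocation keys leave the keyring, so the parser should reject the whole string on any unknown token and commit only on success, as sketched below.

```c
  /* … unchanged: tok, hit and export_opts[] declarations … */
  unsigned int newopts=*options;   /* commit only if every token parses */

  while((tok=strsep(&str," ,")))
    {
      int i,rev=0;

      if(!*tok)
        continue;                  /* empty token from adjacent separators */

      if(ascii_memcasecmp("no-",tok,3)==0)
        {
          rev=1;
          tok+=3;                  /* match the name without the prefix */
        }

      for(i=0;export_opts[i].name;i++)
        if(ascii_strcasecmp(export_opts[i].name,tok)==0)
          break;

      if(!export_opts[i].name)
        return 0;                  /* unknown token: *options left untouched */

      if(rev)
        newopts&=~export_opts[i].bit;
      else
        newopts|=export_opts[i].bit;
      hit=1;
    }

  *options=newopts;
  return hit;
```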
@@ -56,11 +100,11 @@ export_pubkeys( STRLIST users, int flags ) * been exported */ int -export_pubkeys_stream( IOBUF out, STRLIST users, int flags ) +export_pubkeys_stream( IOBUF out, STRLIST users, unsigned int options ) { int any, rc; - rc = do_export_stream( out, users, 0, flags, &any ); + rc = do_export_stream( out, users, 0, options, &any ); if( !rc && !any ) rc = -1; return rc; @@ -79,7 +123,7 @@ export_secsubkeys( STRLIST users ) } static int -do_export( STRLIST users, int secret, int flags ) +do_export( STRLIST users, int secret, unsigned int options ) { IOBUF out = NULL; int any, rc; @@ -99,7 +143,7 @@ do_export( STRLIST users, int secret, int flags ) } if( opt.compress_keys && opt.compress ) iobuf_push_filter( out, compress_filter, &zfx ); - rc = do_export_stream( out, users, secret, flags, &any ); + rc = do_export_stream( out, users, secret, options, &any ); if( rc || !any ) iobuf_cancel(out); @@ -110,7 +154,8 @@ do_export( STRLIST users, int secret, int flags ) static int -do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any ) +do_export_stream( IOBUF out, STRLIST users, int secret, + unsigned int options, int *any ) { int rc = 0; PACKET pkt; @@ -167,7 +212,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any ) } /* do not export keys which are incompatible with rfc2440 */ - if( (flags&EXPORT_FLAG_ONLYRFC) && + if( !(options&EXPORT_INCLUDE_NON_RFC) && (node = find_kbnode( keyblock, PKT_PUBLIC_KEY )) ) { PKT_public_key *pk = node->pkt->pkt.public_key; if( pk->version == 3 && pk->pubkey_algo > 3 ) { 
@@ -213,14 +258,16 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any ) if( node->pkt->pkttype == PKT_SIGNATURE ) { /* do not export packets which are marked as not exportable */ - if( !node->pkt->pkt.signature->flags.exportable ) + if( !(options&EXPORT_INCLUDE_LOCAL_SIGS) && + !node->pkt->pkt.signature->flags.exportable ) continue; /* not exportable */ /* do not export packets with a "sensitive" revocation key. This will need revisiting when we start supporting creating revocation keys and not just reading them. */ - if( node->pkt->pkt.signature->revkey ) { + if( !(options&EXPORT_INCLUDE_SENSITIVE_REVKEYS) && + node->pkt->pkt.signature->revkey ) { int i; for(i=0;ipkt->pkt.signature->numrevkeys;i++) @@ -234,7 +281,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any ) } /* Don't export attribs? */ - if( (flags&EXPORT_FLAG_SKIPATTRIBS) && + if( !(options&EXPORT_INCLUDE_ATTRIBUTES) && node->pkt->pkttype == PKT_USER_ID && node->pkt->pkt.user_id->attrib_data ) { /* Skip until we get to something that is not an attrib diff --git a/g10/g10.c b/g10/g10.c index 3d1105827..6f7046ee4 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -237,6 +237,7 @@ enum cmd_and_opt_values { aNull = 0, oLockNever, oKeyServer, oKeyServerOptions, + oExportOptions, oTempDir, oExecPath, oEncryptTo, @@ -409,6 +410,7 @@ static ARGPARSE_OPTS opts[] = { { oDefaultKey, "default-key" ,2, N_("|NAME|use NAME as default secret key")}, { oKeyServer, "keyserver",2, N_("|HOST|use this keyserver to lookup keys")}, { oKeyServerOptions, "keyserver-options",2,"@"}, + { oExportOptions, "export-options",2,"@"}, { oCharset, "charset" , 2, N_("|NAME|set terminal charset to NAME") }, { oOptions, "options" , 2, N_("read options from file")}, 
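Review bot: The two comments in this hunk still describe the filters as unconditional (`do not export packets which are marked as not exportable` and `do not export packets with a "sensitive" revocation key`), but both filters are now skipped when EXPORT_INCLUDE_LOCAL_SIGS or EXPORT_INCLUDE_SENSITIVE_REVKEYS is set. I would reword them, for example `/* unless include-local-sigs is set, skip signatures marked as not exportable */`. I would also add a line saying that the same option word is passed for keyserver sends in hkp_export and keyserver_spawn, so setting these flags there publishes data that was marked local or sensitive. The enclosing do_export_stream starts and ends outside the hunk.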
@@ -902,6 +904,8 @@ main( int argc, char **argv ) opt.pgp2_workarounds = 1; opt.force_v3_sigs = 1; opt.escape_from = 1; + opt.export_options=EXPORT_DEFAULT; + opt.keyserver_options.export_options=EXPORT_DEFAULT; opt.keyserver_options.include_subkeys=1; opt.keyserver_options.include_attributes=1; #if defined (__MINGW32__) || defined (__CYGWIN32__) @@ -1331,6 +1335,16 @@ main( int argc, char **argv ) case oKeyServerOptions: parse_keyserver_options(pargs.r.ret_str); break; + case oExportOptions: + if(!parse_export_options(pargs.r.ret_str,&opt.export_options)) + { + if(configname) + log_error(_("%s:%d: invalid export options\n"), + configname,configlineno); + else + log_error(_("invalid export options\n")); + } + break; case oTempDir: opt.temp_dir=pargs.r.ret_str; break; case oExecPath: #ifndef FIXED_EXEC_PATH @@ -2009,7 +2023,7 @@ main( int argc, char **argv ) else if( cmd == aRecvKeys ) keyserver_import( sl ); else - export_pubkeys( sl, (cmd == aExport)?EXPORT_FLAG_ONLYRFC:0 ); + export_pubkeys( sl, opt.export_options ); free_strlist(sl); break; diff --git a/g10/hkp.c b/g10/hkp.c index 50626adf9..09fa5a12a 100644 --- a/g10/hkp.c +++ b/g10/hkp.c @@ -114,7 +114,6 @@ hkp_export( STRLIST users ) IOBUF temp = iobuf_temp(); struct http_context hd; char *request; - int attribs=EXPORT_FLAG_ONLYRFC; unsigned int status; unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; @@ -124,10 +123,8 @@ hkp_export( STRLIST users ) afx.what = 1; iobuf_push_filter( temp, armor_filter, &afx ); - if(!opt.keyserver_options.include_attributes) - attribs|=EXPORT_FLAG_SKIPATTRIBS; - - rc = export_pubkeys_stream( temp, users, attribs ); + rc = export_pubkeys_stream( temp, users, + opt.keyserver_options.export_options ); if( rc == -1 ) { iobuf_close(temp); return 0; diff --git a/g10/keyserver.c b/g10/keyserver.c index e2477c61d..eddd2cf7c 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
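Review bot: After this hunk in hkp_export nothing visible reads `opt.keyserver_options.include_attributes` any more, yet main() in g10.c still initialises it to 1; keyserver_spawn loses the same check in the keyserver.c hunk at -451. If parse_keyserver_options still accepts `no-include-attributes` by clearing that field (its earlier branches are outside this diff), an existing configuration would silently start sending photo IDs to the keyserver. Either carry the old setting over before the export call, e.g. `if(!opt.keyserver_options.include_attributes) opt.keyserver_options.export_options&=~EXPORT_INCLUDE_ATTRIBUTES;`, or remove the field and its parser branch in the same commit.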
@@ -110,7 +110,8 @@ parse_keyserver_options(char *options) else if(ascii_strcasecmp(tok,"no-use-temp-files")==0) opt.keyserver_options.use_temp_files=0; #endif - else if(strlen(tok)>0) + else if(!parse_export_options(tok, + &opt.keyserver_options.export_options)) add_to_strlist(&opt.keyserver_options.other,tok); } } @@ -451,10 +452,6 @@ keyserver_spawn(int action,STRLIST list, { armor_filter_context_t afx; IOBUF buffer=iobuf_temp(); - int attribs=EXPORT_FLAG_ONLYRFC; - - if(!opt.keyserver_options.include_attributes) - attribs|=EXPORT_FLAG_SKIPATTRIBS; temp=NULL; add_to_strlist(&temp,key->d); @@ -463,7 +460,8 @@ keyserver_spawn(int action,STRLIST list, afx.what=1; iobuf_push_filter(buffer,armor_filter,&afx); - if(export_pubkeys_stream(buffer,temp,attribs)==-1) + if(export_pubkeys_stream(buffer,temp, + opt.keyserver_options.export_options)==-1) iobuf_close(buffer); else { diff --git a/g10/main.h b/g10/main.h index ec0efd3c8..4d705b093 100644 --- a/g10/main.h +++ b/g10/main.h @@ -159,10 +159,15 @@ void import_print_stats (void *hd); int collapse_uids( KBNODE *keyblock ); /*-- export.c --*/ -#define EXPORT_FLAG_ONLYRFC 1 -#define EXPORT_FLAG_SKIPATTRIBS 2 -int export_pubkeys( STRLIST users, int flags ); -int export_pubkeys_stream( IOBUF out, STRLIST users, int flags ); +#define EXPORT_INCLUDE_NON_RFC 1 +#define EXPORT_INCLUDE_LOCAL_SIGS 2 +#define EXPORT_INCLUDE_ATTRIBUTES 4 +#define EXPORT_INCLUDE_SENSITIVE_REVKEYS 8 +#define EXPORT_DEFAULT (1|4) + +int parse_export_options(char *str,unsigned int *options); +int export_pubkeys( STRLIST users, unsigned int options ); +int export_pubkeys_stream( IOBUF out, STRLIST users, unsigned int options ); int export_seckeys( STRLIST users ); int export_secsubkeys( STRLIST users ); diff --git a/g10/options.h b/g10/options.h index eb4dd1b8b..69b4bc4c3 100644 --- a/g10/options.h +++ b/g10/options.h 
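Review bot: Replacing `strlen(tok)>0` with the parse_export_options call drops the empty-token guard. For an empty `tok` the parser as written in export.c returns 0, so an empty string is now appended to `opt.keyserver_options.other`. Keeping both conditions restores the old behaviour: `else if(strlen(tok)>0 && !parse_export_options(tok,&opt.keyserver_options.export_options))`. The enclosing loop of parse_keyserver_options begins outside the hunk, so whether empty tokens can reach this branch depends on tokenising that is not visible here.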
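Review bot: `EXPORT_DEFAULT (1|4)` turns on EXPORT_INCLUDE_NON_RFC by default, whereas the callers this commit replaces passed EXPORT_FLAG_ONLYRFC for `--export` in g10.c and for keyserver sends in hkp_export and keyserver_spawn. Keys that the check in do_export_stream used to withhold as incompatible with rfc2440 are therefore exported unless the user opts out. If the old behaviour is meant to be kept, the default should be `#define EXPORT_DEFAULT (EXPORT_INCLUDE_ATTRIBUTES)`; if the change is intended, it deserves a line in the ChangeLog entry. In either case spell the value with the named bits rather than `(1|4)` so it cannot drift from the defines above it.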
@@ -129,9 +129,11 @@ struct { int keep_temp_files; int fake_v3_keyids; int auto_key_retrieve; + unsigned int export_options; STRLIST other; } keyserver_options; int exec_disable; + unsigned int export_options; char *def_preference_list; prefitem_t *personal_cipher_prefs, *personal_digest_prefs,