Pref

David Shaw dshaw at jabberwocky.com
Wed Jun 1 22:12:18 CEST 2005


On Wed, Jun 01, 2005 at 10:00:45PM +0200, Kiefer, Sascha wrote:
> > Yes, you will.
> > 
> > However, why are you doing this?  GnuPG automatically does 
> > this for you.
> 
> Not really. Only if I change the pref for the key I use.
> My system is similar to the PGP universal system which runs on a server.
> Let's think about SHA-1. Right now, it will be the preferred hash alg
> for most of the keys. But it's broken, so the administrator wants to
> use RIPEMD instead. Instead of changing all prefs of all keys, he just
> sets the policy, that RIPEMD is the preferred algorithm (or maybe sets 
> that at least SHA256 must be used and keys that do not support it will
> not be used).
> Get the point?

Yes, but this is a bad mistake to make.  If an algorithm does not
appear in someone's preferences, then it shouldn't be used.  For
example, IDEA is an optional algorithm in OpenPGP.  If your
administrator decides that everyone should use IDEA, that will mean
that some users will not be able to read the message.

The whole point of preferences is for the users to tell you what
algorithms they can handle.  Overriding this means that the users are
getting something they can't handle.

The only safe way to do this is to either do nothing and let the
automatic algorithm selection system do its job, or use
--personal-xxx-preferences which works within the preference system to
pick an algorithm (and won't pick it if it means violating the
preferences).

David
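
An added example, not part of the original message and not GnuPG's own code: a simplified Python model of the selection rule described above, where a personal preference list is honored only for algorithms that every recipient key advertises, contrasted with a forced override. The key names and preference lists are constructed, and falling back to the implicit OpenPGP algorithm (3DES for ciphers, SHA-1 for digests) is a simplifying assumption.

```python
# Simplified model of preference-respecting algorithm selection.
# All key names and preference lists are constructed sample data.

# Algorithms every OpenPGP implementation must support; they are treated
# as implicitly present in every key's preference list.
IMPLICIT = {"cipher": "3DES", "digest": "SHA1"}

def usable_by_all(recipient_prefs, kind):
    """Return the algorithms that every recipient key has declared."""
    sets = [set(p) | {IMPLICIT[kind]} for p in recipient_prefs.values()]
    return set.intersection(*sets) if sets else {IMPLICIT[kind]}

def select(recipient_prefs, personal_prefs, kind):
    """Pick the first personal preference that all recipients accept.

    Assumption: if none matches, return the implicit algorithm. A real
    implementation would rank the remaining common algorithms instead.
    """
    common = usable_by_all(recipient_prefs, kind)
    for algo in personal_prefs:
        if algo in common:
            return algo
    return IMPLICIT[kind]

def locked_out(recipient_prefs, forced, kind):
    """List recipients whose keys never declared the forced algorithm."""
    return sorted(name for name, prefs in recipient_prefs.items()
                  if forced not in set(prefs) | {IMPLICIT[kind]})

# Constructed preference lists, as they might appear on three keys.
CIPHER_PREFS = {"alice": ["AES256", "AES", "CAST5"],
                "bob": ["AES", "IDEA"],
                "carol": ["AES256", "AES"]}
DIGEST_PREFS = {"alice": ["SHA256", "RIPEMD160"],
                "bob": ["RIPEMD160"],
                "carol": ["SHA1"]}

if __name__ == "__main__":
    # Policy expressed as a personal preference list: never violates key prefs.
    print(select(CIPHER_PREFS, ["IDEA", "AES256", "AES"], "cipher"))
    print(select(DIGEST_PREFS, ["SHA256", "RIPEMD160"], "digest"))
    # Policy expressed as a forced override: these recipients cannot cope.
    print(locked_out(CIPHER_PREFS, "IDEA", "cipher"))
    print(locked_out(DIGEST_PREFS, "RIPEMD160", "digest"))
```

The output of `locked_out` is also the list of keys a strict "must support X" policy would have to refuse, which is the second variant raised in the quoted message.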


