Mark H. Wood
mwood at IUPUI.Edu
Thu Sep 18 20:30:29 CEST 2008
On Thu, Sep 18, 2008 at 01:07:39PM -0400, David Shaw wrote:
> On Thu, Sep 18, 2008 at 08:23:21AM -0500, Kevin Hilton wrote:
> > I think the problem is with the word preferences. The use of this
> > word in the setpref command and in the
> > personal-cipher/hash-preferences really doesn't convey what
> > preferences are preferred over each other. The sender's preferences
> > always trump the recipient's preferences.
> This is not true. GPG will never use a cipher that the recipient does
> not prefer. It may not use the recipient's #1 choice, but it will
> always use something from the recipient's list.
True, not true -- it's not *clear*.
It sounds like GPG will find the intersection of the sender's and
recipient's cipher lists and then take the sender's "preference" from
that list -- that is, the first member of his list which is in the
> It's not always simple to calculate what cipher should be used. For
> Alice: AES256 TWOFISH
> Baker: TWOFISH AES256
> Who wins?
Good point. If Alice sent the message then I would expect AES256 to
be selected; if Baker, then TWOFISH. An exchange will alternate
Who *should* win? That question, if it must be answered, sounds like
it belongs to the OpenPGP WG.
But how much do we care? Two parties who can communicate at all (that
is, have at least one "preferred" cipher in common) will always do so
using one of the ciphers they are both willing to use. Is that good
There seems to be confusion over whether to treat cipher preferences
as lists or sets.
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: not available
More information about the Gnupg-users