Encryption to key with multiple subkeys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed May 12 02:08:27 CEST 2010

On 05/11/2010 07:42 PM, Joke de Buhr wrote:
> The encrypt-to-all-encryption-capable-subkeys ensures that the owner of the 
> primary key will always be able to decrypt the message no matter what (not-
> revoke) encryption key secrets he can access at the moment.

yup, i think this is a good argument for your proposed behavior.  what i
haven't seen yet (haven't thought through yet) is what the
counter-arguments might be.

For example, consider the introduction of a new encryption-capable
asymmetric algorithm X that has "better" properties than RSA (pretend
for a moment that some flaw is found in RSA).  I might want to have an
RSA encryption-capable subkey for all the deployed RSA-only
implementations to use, since using RSA is better than nothing.  But i
might want tools that *do* support X to use my encryption-capable X
subkey, and not the RSA key.

(the same argument can be made for old, small keys and newer larger
keys, if the larger key sizes do not have wide adoption, i think)

So that's one (albeit mostly fictional) scenario where you wouldn't want
to encrypt to both.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100511/125c9b8e/attachment.pgp>

More information about the Gnupg-users mailing list