Encryption to key with multiple subkeys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed May 12 02:08:27 CEST 2010
On 05/11/2010 07:42 PM, Joke de Buhr wrote:
> The encrypt-to-all-encryption-capable-subkeys ensures that the owner of the
> primary key will always be able to decrypt the message no matter what (not-
> revoke) encryption key secrets he can access at the moment.
yup, i think this is a good argument for your proposed behavior. what i
haven't seen yet (haven't thought through yet) is what the
counter-arguments might be.
For example, consider the introduction of a new encryption-capable
asymmetric algorithm X that has "better" properties than RSA (pretend
for a moment that some flaw is found in RSA). I might want to have an
RSA encryption-capable subkey for all the deployed RSA-only
implementations to use, since using RSA is better than nothing. But i
might want tools that *do* support X to use my encryption-capable X
subkey, and not the RSA key.
(the same argument can be made for old, small keys and newer larger
keys, if the larger key sizes do not have wide adoption, i think)
So that's one (albeit mostly fictional) scenario where you wouldn't want
to encrypt to both.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100511/125c9b8e/attachment.pgp>
More information about the Gnupg-users
mailing list