What should '--local-user' mean when multiple secret keys match?
Uri Blumenthal
uri at mit.edu
Tue Jan 29 14:03:50 CET 2019
See inline please.
Sent from my test iPhone
> On Jan 29, 2019, at 07:45, Andrew Gallagher <andrewg at andrewg.com> wrote:
>
>> * sign with the most recently-created key available. (does this mean
>> we're looking at the age of the primary, or of the subkey?)
>
> I think "Most recent valid subkey of the most recent valid primary key"
> is a sensible default. "Most recent valid subkey no matter how old the
> primary is" would be the other option, but I can't imagine a use case
> where it would be preferable.

I think both scenarios are valid. I agree with your default. Perhaps a config option to switch to the other...?

>> * provide explicit prioritization mechanisms between these keys that
>> are easy to use and easy to revert
>
> This would be useful for advanced users, but probably overkill for most.

So, most users would not change the default prioritization, and the advanced ones would have a convenient tool in hand. (Sotto voce: I strongly suspect there are more advanced users of GnuPG than the "normal" ones.)

>> * allow locally disabling subkeys independently from primary keys, or
>> even disabling key usage flags on the primary key.
>
> Changing the usage flags on the primary has been a longstanding feature
> request, but if your first two suggestions were implemented it wouldn't
> be necessary for this use case.

I would still want very much to be able to change Usage flags on the primary. Regardless of whether the other good suggestions are implemented.
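
The two selection rules quoted in this thread, modelled on a keyring where they pick different subkeys. This is an added example, not part of the original message and not GnuPG code. The `Key` class, the labels, the dates, the meaning given to "valid", and the handling of a primary with no usable signing subkey are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

@dataclass
class Key:
    label: str                        # constructed label, not a real key ID
    created: datetime
    expires: Optional[datetime] = None
    revoked: bool = False
    can_sign: bool = True
    subkeys: List["Key"] = field(default_factory=list)  # used on primaries only

def is_valid(key, now):
    # Assumption: "valid" = not revoked, not expired, not dated in the future.
    return (not key.revoked and key.created <= now
            and (key.expires is None or key.expires > now))

def signing_subkeys(primary, now):
    return [s for s in primary.subkeys if s.can_sign and is_valid(s, now)]

def newest_subkey_of_newest_primary(primaries, now):
    # "Most recent valid subkey of the most recent valid primary key".
    # Assumption: a valid primary with no usable signing subkey is skipped.
    usable = [p for p in primaries if is_valid(p, now) and signing_subkeys(p, now)]
    if not usable:
        return None
    primary = max(usable, key=lambda p: p.created)
    return max(signing_subkeys(primary, now), key=lambda s: s.created)

def newest_subkey_any_primary(primaries, now):
    # "Most recent valid subkey no matter how old the primary is".
    pool = [s for p in primaries if is_valid(p, now) for s in signing_subkeys(p, now)]
    return max(pool, key=lambda s: s.created, default=None)

# Constructed keyring in which the two rules disagree.
NOW = datetime(2019, 1, 29)
KEYRING = [
    Key("primary-2012", datetime(2012, 5, 1), subkeys=[
        Key("sub-2012-a", datetime(2018, 11, 1)),
    ]),
    Key("primary-2017", datetime(2017, 3, 1), subkeys=[
        Key("sub-2017-a", datetime(2017, 3, 1)),
        Key("sub-2017-b", datetime(2018, 3, 1)),
        Key("sub-2017-c", datetime(2018, 12, 1), revoked=True),
        Key("sub-2017-enc", datetime(2018, 12, 15), can_sign=False),
    ]),
]
```

On this keyring the first rule signs with `sub-2017-b`, while the second picks `sub-2012-a`, a newer subkey that hangs off the older primary.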