Changing preferences

Mark H. Wood mwood at IUPUI.Edu
Thu Sep 18 20:30:29 CEST 2008


On Thu, Sep 18, 2008 at 01:07:39PM -0400, David Shaw wrote:
> On Thu, Sep 18, 2008 at 08:23:21AM -0500, Kevin Hilton wrote:
> > I think the problem is with the word preferences.  The use of this
> > word in the setpref command and in the
> > personal-cipher/hash-preferences really doesn't convey what
> > preferences are preferred over each other.  The sender's preferences
> > always trump the recipient's preferences.
> 
> This is not true.  GPG will never use a cipher that the recipient does
> not prefer.  It may not use the recipient's #1 choice, but it will
> always use something from the recipient's list.

True, not true -- it's not *clear*.

It sounds like GPG will find the intersection of the sender's and
recipient's cipher lists and then take the sender's "preference" from
that list -- that is, the first member of his list which is in the
intersection.
 
> It's not always simple to calculate what cipher should be used.  For
> example:
> 
> Alice:   AES256 TWOFISH
> Baker:   TWOFISH AES256
> 
> Who wins?

Good point.  If Alice sent the message then I would expect AES256 to
be selected; if Baker, then TWOFISH.  An exchange will alternate
ciphers.  Correct?

Who *should* win?  That question, if it must be answered, sounds like
it belongs to the OpenPGP WG.

But how much do we care?  Two parties who can communicate at all (that
is, have at least one "preferred" cipher in common) will always do so
using one of the ciphers they are both willing to use.  Is that good
enough?

There seems to be confusion over whether to treat cipher preferences
as lists or sets.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
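
Added example, not part of the original message and not GnuPG's own code: a small Python model of the rule guessed at above (the sender's first cipher that also appears in the recipient's list), next to the set reading of the same lists. The function names and the third party Carol are hypothetical; the tacit 3DES entry at the end of every list is taken from RFC 4880 section 13.2.

```python
# Model of the selection rule the message describes; not GnuPG's code.
IMPLICIT = "3DES"  # RFC 4880 sec. 13.2: tacitly at the end of every list


def effective(prefs):
    """Return prefs with 3DES appended when it is not listed explicitly."""
    return list(prefs) if IMPLICIT in prefs else list(prefs) + [IMPLICIT]


def common_set(sender, recipient):
    """Set reading: ciphers both sides accept, order discarded."""
    return set(effective(sender)) & set(effective(recipient))


def pick(sender, recipient):
    """List reading: the sender's first cipher that the recipient also lists."""
    allowed = set(effective(recipient))
    for cipher in effective(sender):
        if cipher in allowed:
            return cipher
    raise AssertionError("unreachable: 3DES is in both effective lists")


# Constructed preference lists; Alice and Baker are the ones from the thread.
ALICE = ["AES256", "TWOFISH"]
BAKER = ["TWOFISH", "AES256"]
CAROL = ["CAST5"]  # hypothetical party with nothing explicit in common

if __name__ == "__main__":
    # The set reading cannot say who wins; the list reading alternates.
    print("set reading   :", sorted(common_set(ALICE, BAKER)))
    print("Alice -> Baker:", pick(ALICE, BAKER))
    print("Baker -> Alice:", pick(BAKER, ALICE))
    # No explicit overlap: the tacit 3DES entry is the only common cipher.
    print("Alice -> Carol:", pick(ALICE, CAROL))
```

Under this model the recipient's list only filters and the sender's order decides, which is why the two directions of an exchange can end up on different ciphers.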
