dshaw at jabberwocky.com
Mon Sep 22 18:13:51 CEST 2008
On Mon, Sep 22, 2008 at 01:24:37AM -0400, Faramir wrote:
> Robert J. Hansen escribi??:
> > David Shaw wrote:
> >> If someone wants to know how to set their preference list, they're not
> >> trying for new and fun ways to violate the spec.
> Well, since I made the question, I must agree with that point of
> view, since my concern was -being the receiving end- how to modify my
> preferences without making my key unusable or at least, less-usable.
> However, it is true I should not give for granted I will always
> receive messages using my preferences (and that is the reason why I
> finally added the IDEA library to my GPG... just in case... but I don't
> intend to use it).
You should take this for granted, or you're going to be forced to
continually upgrade to get every possible algorithm whether you want
to or not. IDEA today, Camellia tomorrow, Whirlpool eventually, etc.
OpenPGP guarantees that you will never be sent a message that violates
your preferences (effectively this means you will never be sent a
message that you can't decrypt due to some algorith mismatch). Sure,
there could be a sender that is violating the spec, but do you really
want to configure yourself to do the right thing when communicating
with a partner who is broken? They have many more ways of being
broken than you do of working around their brokenness.
I have never received a messsage that violates my preferences. If I
did, and couldn't decrypt, I'd just send an encrypted message back
saying "I couldn't read this. Knock it off with the algorithm games."
More information about the Gnupg-users