dshaw at jabberwocky.com
Tue Sep 23 23:04:03 CEST 2008
On Tue, Sep 23, 2008 at 09:53:40AM -0400, Mark H. Wood wrote:
> On Tue, Sep 23, 2008 at 09:44:53AM -0400, David Shaw wrote:
> > On Sep 22, 2008, at 10:17 AM, Mark H. Wood wrote:
> >> On Mon, Sep 22, 2008 at 12:09:00AM -0400, David Shaw wrote:
> >>> I'd be content with something that says "List algorithms in the order in
> >>> which you'd like to see them used.
> >> There's the problem right there. "Used" when? When sending?
> >> apparently not. When others send to me? apparently so. Somehow the
> >> two cases (I send; I receive) should be disentangled.
> > Good point. How about:
> > List algorithms in the order in which you'd like to see them used by someone
> > else when encrypting a message to you. If you don't include 3DES, GPG will
> > add it automatically at the end. Note that there are many factors that go
> > into choosing an algorithm (for example, you may not be the only recipient),
> > and so the remote OpenPGP application being used to send to you may or may
> > not follow your exact chosen order for a given message. However, it will
> > only ever choose an algorithm that is on the list of every recipient key.
> > See also the INTEROPERABILITY section.
> Sounds good to me. It seems to cover what people mostly need to know,
> and is compact enough for a man page.

All set. The next version of GPG will have the new text.

I've also taken Robert's point about confusion between OpenPGP
preferences as ranked lists vs capability sets, and changed the code
so that they are always ranked lists. This means that GPG will now
allow the various recipient keys to "vote" on which algorithm is
chosen, and the most-preferred one will be chosen. It doesn't really
change much that is visible in practice, but it does mean that if you
have a bunch of recipients that all list a particular algorithm
somewhere, and most of them have it as their first choice, you'll
probably end up using it.

Note that this doesn't change anything for those people using
personal-*-prefs. If personal-*-prefs are set, GPG will continue to
pick algorithms based on them.
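
Added example, not part of the original message and not GnuPG source code: a sketch of ranked-list selection across several recipient keys, with 3DES appended implicitly and the choice restricted to algorithms on every recipient's list. The scoring rule (sum of rank positions, lowest total wins, ties broken by the first recipient's order), the way personal preferences are modelled, and the sample preference lists are assumptions made for illustration.

```python
# Illustration only; not GnuPG's implementation.
IMPLICIT = "3DES"  # per the text above: added at the end if a key omits it


def effective_prefs(prefs):
    """Return one recipient's ranked list, de-duplicated, with 3DES appended."""
    out = []
    for algo in prefs:
        if algo not in out:
            out.append(algo)
    if IMPLICIT not in out:
        out.append(IMPLICIT)
    return out


def choose_cipher(recipients, personal_prefs=None):
    """Pick one algorithm for a message encrypted to all `recipients`.

    recipients:     list of ranked preference lists, one per recipient key.
    personal_prefs: sender's own ranked list (hypothetical stand-in for
                    personal-*-prefs); if set, it decides instead of the vote.
    """
    if not recipients:
        raise ValueError("at least one recipient is required")
    ranked = [effective_prefs(p) for p in recipients]

    # Only algorithms present on every recipient's list are candidates.
    # 3DES is always among them, so the set is never empty.
    common = set(ranked[0]).intersection(*ranked[1:])

    # Sender preferences take priority (assumed: first acceptable entry wins).
    for algo in personal_prefs or []:
        if algo in common:
            return algo

    # "Vote": each key contributes the position at which it lists the
    # algorithm; the lowest total is the most-preferred overall (assumed rule).
    score = {a: sum(r.index(a) for r in ranked) for a in common}
    return min(common, key=lambda a: (score[a], ranked[0].index(a)))


# Constructed sample preference lists for three recipient keys.
SAMPLE = [
    ["AES256", "AES", "CAST5"],   # 3DES appended implicitly
    ["AES", "AES256", "3DES"],
    ["AES", "CAST5", "AES256"],   # 3DES appended implicitly
]
```

With these sample lists CAST5 is excluded because one key does not list it, and AES wins the vote even though the first recipient ranks AES256 higher.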