A question about Camellia

David Shaw dshaw at jabberwocky.com
Fri Jan 23 23:49:55 CET 2009


On Fri, Jan 23, 2009 at 05:14:15PM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> > You have the ability to do pretty much that, but:
> 
> I actually don't, but for policy reasons.  My local policy is "have
> total control over what I send, but don't assert control over what I
> receive."  I guess you could call it my small-l libertarian philosophy
> as applied to OpenPGP.
> 
> Whatever traffic someone decides to send me, if it's valid OpenPGP
> traffic, I want to be able to make sense of it.

This has nothing to do with your preference list.  GPG will happily
decrypt messages to any cipher, whether it is in your preference list
or not, as per the spec: "If an implementation can decrypt a message
that a keyholder doesn't have in their preferences, the implementation
SHOULD decrypt the message anyway, but MUST warn the keyholder that
the protocol has been violated."

> I don't mind if we as a community decide to restrict OpenPGP to a
> smaller subset of algorithms.  I don't think I should try to coerce my
> prejudices on the traffic sent to me by others.  I think the best way to
> restrict algorithms is by community consensus, not by me restricting the
> list of algorithms in my key preference list.

You seem to be advocating that the community sweep away the ciphers
you don't favor so that nobody can use them.  I disagree, but can
understand the desire for simplicity.  At the same time, though, you
argue that using the part of the protocol that *as part of community
consensus* allows you to sweep away ciphers that you don't favor is
you imposing your prejudices on the community.  I'm not sure how to
reconcile those two statements.

David


