choosing an encryption target from a User ID
David Shaw
dshaw at JABBERWOCKY.COM
Tue Sep 22 22:41:25 CEST 2009
On Sep 22, 2009, at 1:11 PM, Daniel Kahn Gillmor wrote:
> when encrypting messages to a user ID with multiple matching keys with
> full calculated validity, gpg seems to just choose the "first"
> matching
> key, for some definition of "first" -- i think it's decided by
> chronological age of first import into the local keyring.
>
> This does not seem to be the best heuristic. here are some other
> proposed heuristics for choosing among multiple keys with full
> calculated User ID validity during encryption:
>
> 0) choose the most recently-created key
>
> 1) choose the key with the strongest supported encryption-capable
> subkey (by bitlength?)
>
> 2) encrypt to *all* matching keys
The problem with this sort of thing is that for every possible
heuristic we can come up with, there is going to be someone who that
heuristic breaks. GnuPG has done the "first matching key" since the
beginning, as did (old) PGP[1]. That behavior is baked deeply into
systems.
David
[1] PGP has a GUI nowadays, so this sort of thing doesn't apply in the
same way any longer. I don't have my copy of PGP command line online
at the moment, so I can't check what it does, but I'd be surprised if
it didn't either take the first one or give an error message.
More information about the Gnupg-users
mailing list