choosing an encryption target from a User ID

David Shaw dshaw at jabberwocky.com
Wed Sep 23 00:30:52 CEST 2009


On Sep 22, 2009, at 4:40 PM, Daniel Kahn Gillmor wrote:

> On 09/22/2009 04:09 PM, John W. Moore III wrote:
>> John Clizbe wrote:
>>
>>> IIRC, it's the first usable key with a matching User ID. Period.
>>> First one it can use.
>
> thanks for catching that, John.  It appears that if the first key with a
> matching User ID doesn't have full calculated validity, the user gets a
> scary warning that "There is no assurance this key belongs to the named
> user", and then:
>
>    It is NOT certain that the key belongs to the person named
>    in the user ID.  If you *really* know what you are doing,
>    you may answer the next question with yes.
>
> It does this even if there is a full-valid match later in the keyring!
>
> This doesn't seem like friendly or reasonable behavior for the power
> user, let alone the novice user.
>
>> My usual 'solution' for this is to 'Disable' the non-preferred or unused
>> Key until such time as it is Revoked or I have been otherwise informed
>> it is deprecated beyond any further use.
>
> i'm assuming you mean "gpg --edit-key 0xDECAFBAD" followed by the
> "disable" subcommand.
>
> What do y'all think should actually be happening here?

I think the current behavior is the right one.  Otherwise we break
however many baked-in uses out there (scripts, etc), to say nothing of
having to explain to people why a particular key was chosen.  "We pick
the first valid key" cannot be misunderstood or confuse anyone.

Yes, it's wrong for some situations.  But every behavior is wrong for
some situations.  This particular "wrong" behavior has almost 20 years
of history behind it.

David
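The thread describes how gpg resolves a recipient name to the first usable key with a matching User ID, even when a fully valid key sits later in the keyring. As an added example (not code from the list or from GnuPG), this script shows the usual defensive fix for the "baked-in uses" David mentions: parse `gpg --with-colons --list-keys` output, pick a key whose matching User ID has full or ultimate validity and whose primary key is not disabled, revoked or expired, and hand gpg the fingerprint rather than the name. The keyring listing is a constructed sample; field positions follow the documented colon-listing format.

```python
import subprocess
from typing import List, Optional

# Constructed sample of `gpg --with-colons --list-keys` output: two keys carry
# the same User ID. The first (listed first, so gpg would pick it by name) has
# unknown validity "-"; the second is fully valid "f".
SAMPLE_LISTING = """\
tru::1:1253000000:0:3:1:5
pub:-:2048:1:0123456789ABCDEF:1253000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:-::::1253000000::HASH1::Alice Example <alice@example.org>:
sub:-:2048:1:FEDCBA9876543210:1253000000:::::e:
pub:f:2048:1:0F0F0F0F0F0F0F0F:1253000100:::-:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB0F0F0F0F0F0F0F0F:
uid:f::::1253000100::HASH2::Alice Example <alice@example.org>:
sub:f:2048:1:F0F0F0F0F0F0F0F0:1253000100:::::e:
"""

USABLE_VALIDITY = {"f", "u"}          # full or ultimate calculated validity
UNUSABLE_KEY = {"r", "e", "d", "i"}   # revoked, expired, disabled, invalid

def select_valid_fingerprint(listing: str, uid_match: str) -> Optional[str]:
    """Return the fingerprint of the first key whose User ID contains
    uid_match with full/ultimate validity, on a usable primary key."""
    fpr, key_ok = None, False
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue
        if f[0] == "pub":
            # field 1: validity, field 11: capabilities ("D" marks a disabled key)
            key_ok = f[1] not in UNUSABLE_KEY and "D" not in f[11]
            fpr = None
        elif f[0] == "fpr" and fpr is None:
            fpr = f[9]                # primary-key fingerprint, field 9
        elif f[0] == "uid" and key_ok and fpr:
            if uid_match in f[9] and f[1] in USABLE_VALIDITY:
                return fpr
    return None

def encrypt_argv(fpr: str, path: str) -> List[str]:
    """Build the gpg command that encrypts to an exact fingerprint."""
    return ["gpg", "--batch", "--encrypt", "--recipient", fpr, path]

def encrypt_to(uid_match: str, path: str) -> None:
    """Resolve uid_match against the live keyring (assumes gpg is installed)."""
    listing = subprocess.run(["gpg", "--batch", "--with-colons", "--list-keys"],
                             capture_output=True, text=True, check=True).stdout
    fpr = select_valid_fingerprint(listing, uid_match)
    if fpr is None:
        raise SystemExit(f"no fully valid key for {uid_match!r}")
    subprocess.run(encrypt_argv(fpr, path), check=True)
```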
