choosing an encryption target from a User ID

David Shaw dshaw at jabberwocky.com
Fri Sep 25 17:06:12 CEST 2009 

On Sep 25, 2009, at 10:04 AM, Daniel Kahn Gillmor wrote:

> Since most of
> these tools rely on gpg as a backend, implementing a more-reasonable
> choice in gpg seems like a good idea.

What troubles me about this sort of behavior is that it is genuinely  
good and helpful in some cases and baffling and off-putting in  
others.  For example, someone has two different Alice keys in their  
keyring.  Both keys have a single UID, which is signed by Baker.  One  
of the Alices (call her Alice1) is also signed by Charlie.  The other  
Alice (Alice2) is signed by Dan.  Alice2 is a newer key than Alice1.

At the moment, the keyring contains Alice1, Alice2, and Baker.  We  
have full trust in Charlie and Dan, but they are not currently present  
in the keyring.  We have a marginal trust in both Alices through  
Baker, so following the suggested algorithm we pick Alice2 (as it is a  
newer key).

Now, the user imports Charlie's key.  This completely changes the  
calculation: we have full trust in Alice1 through Charlie, so Alice1  
is now fully trusted.  We switch over to encrypting to Alice1 - it's  
the older key, but it has full trust.

Then, the user imports Dan's key.  This completely changes the  
calculation again: we now have full trust in both Alices, so we again  
pick the more recent key, and pick Alice2.

Then there is the case where someone doesn't automatically rebuild  
their trustdb - they can be in a position of having GPG pick one key,  
then a rebuild is triggered, causing the other key to be picked.

I'm not against that behavior - it's reasonable and makes sense... to  
someone who really understands the web of trust and OpenPGP.

My problem is that there is the potential for a lot of confusion  
here.  Making the behavior optional doesn't really resolve that, as to  
be useful, you want this sort of key-picking behavior to be the  
default (I might even argue that if we do it, it shouldn't be  
something that could be switched off, as at least there would be only  
1 confusing behavior to document, rather than two).

David

More information about the Gnupg-users mailing list