riseup.net OpenPGP Best Practices article

Robert J. Hansen rjh at sixdemonbag.org
Thu Jun 26 23:36:45 CEST 2014

On 6/26/2014 4:35 PM, Hauke Laging wrote:
> You mean except for that you must be capable of forging a mainkey 
> signature (if you don't control the sending system anyway in which case 
> you don't need the key any more)?

Nope.  :)  I meant what I said.

The preference list on the key is advisory, not binding.  There's
nothing requiring an implementation to even look at the preference list
on the key.  For any OpenPGP certificate, you can send it 3DES-encrypted
traffic and be in complete accordance with the spec and the recipient's

A conformant implementation MUST choose a cipher that is listed in the
certificate preferences, but (a) the spec is completely silent about
*which* preferred cipher should be used, and (b) the spec guarantees
3DES will always be a preferred cipher.

This is why I've always pushed to call them capability sets, instead of
preference lists.  The spec doesn't guarantee they'll be treated as
preference lists.  The spec only guarantees they'll be treated as a
capability set.

More information about the Gnupg-users mailing list