ietf-openpgp

Re: Algorithms and specifiers

1998-03-23 18:28:20
At 15:33 3/23/98 , Jon Callas wrote:

> If the protocols allow someone to use [an unsafe encryption algorithm]
> and send it around, then you have the same exposure [as if they merely
> neglected to encrypt at all].

Not quite: in the latter case, it's apparent to the recipient that the
sender blew it.  If that one message has all the secrets of the universe,
and a big red flag to attract Satan's attention, then the jig is up.  If
not, then a scathing rebuke in the (encrypted, no doubt) reply could
prevent further disclosures.  But if the message is encrypted, the
recipient may merely notice that decryption was necessary and was performed.

That distinction actually argues for your position (that the preferences
are binding upon the sender), but I still hold that the code and keyrings
have a necessarily incomplete knowledge, which the humans (who are, after
all, the ones at risk here!) must be able to override.


        /////   Informix Software Inc.  Jack Repenning
     ////\ /      Config/Release Mgmt           jackr(_at_)informix(_dot_)com
    ///// /     4100 Bohannon Drive             M/S: 4100/2
   ///// /      Menlo Park, CA 94025            FAX: 650/926-6571
  ///// /       PAGE:  800/782-9089             VOICE: 650/926-1044
 ///// /        PGP/RSA: D24B E2C2 9AFB 7C24 : 7E59 7885 525D 644E
///// PGP/DSS: 955C 44AD 8FCE 77D4 9494 : 4AB2 51F1 3EED 3B82 E870

