-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
* L. Sassaman (rabbi(_at_)quickie(_dot_)net) [000823 21:29]:
The user *will* have to decrypt multiple secret keys if such exist. Perhaps
a
recommendation that non-encrypted keys be tried first is an idea?
I actually would like to see the default key tried first, since that makes
more sense in my mind... but now we're in the realm of specific
implementation methods.
True.
Giving a few notes for authors to reflect over isn't a bad thing though, is
it?
Trying to use the default key first isn't a bad idea. It's the one that's got
the better chance of being a hit. Un-encrypted keys take no time to check
however, and you can spare the user from having to enter the passphrase.
I also thing that the places you'll be using speculative KeyID's are also the
places where the chances of encrypting to a key with no passphrase are
highest, as many will simply want to get the mail securely from sniffers, and
not have to decrypt ever single message.
Just a thought...
Actually, this might be of some concern. You could effectively send a email
using speculative KeyID, which would make the user decrypt all his key in
turn, thus providing a attacker with access to keyboard with passphrases to
*all* his KeyID's, including keys the user might have made to be extra
secure,
and not for normal use (root keys etc).
You could automatically try the default key, and then give the user the
list of keys remaining to try, and he can pick which ones.
And you can always have a "disable speculative key" option.
Both great ideas. :)
Terje
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE5pOtr8HLgLrwmRg0RAioDAJwIJM37UWRptyWZNal7LKwINL/tVgCglyih
yYncR/9JfUoXOJRvCiDsVeo=
=z859
-----END PGP SIGNATURE-----