On Wednesday 17 January 2007 21:18, vedaal(_at_)hush(_dot_)com wrote:
On Wed, 17 Jan 2007 12:34:15 -0500 Hal Finney <hal(_at_)finney(_dot_)org> wrote:
Hmmm, I don't see the interop question here. Choosing which keys to
encrypt to is entirely between the user and his software.
well,
there is 'sort-of' more of an annoyance issue, rather than a 'problem'
and purely an implementation one, not an issue with the rfc
Daniel Nagy writes:
The standard, as it stands right now, says nothing about dealing with
multiple encryption subkeys. I think, this is something that affects
interoperability and thus merits a few sentences in the standard.
GPG assumes that the one with the latest valid subkey binding signature
is the one that should be used when encrypting to the given primary
key. I think, this is wrong, because it makes multiple subkeys useless
and confusing,
gnupg allows encrypting to 'any' subkey, earlier or later,
simply by adding a ! after the keyid (by number, not name) of the
preferred subkey,
e.g.:
gpg -r 12345678! -e filename
the issue is that gnupg, by default, will choose the 'latest' subkey,
when the command is:
gpg -r username -e filename
(assuming, actually quite understandably, that if the key owner
went through the trouble of making a new subkey, there was probably
a good reason for it,)
now, since not everyone has this new subkey yet,
and when someone who doesn't have it yet, receives an e-mail
self-encrypted by default, to the sender's new subkey,
and if also, the sender has not yet uploaded this subkey,
and also, didn't inform the receiver of the new key,
then the receiver 'might' be confused as to why it is not encrypted
to the encrypting subkeys he/she has for that sender
other than that,
i don't see any other problem with this
the receiver has a choice to encrypt to any subkey,
and the only implementation issue,
is perhaps to make this '!' option
more clearly documented
(iirc, it's still not in the gpg manpage ;-) ),
Fresh from the gpg manpage (version 1.4.2):
Note that you can append an exclamation mark (!) to key IDs or
fingerprints. This flag tells GnuPG to use the specified primary or
secondary key and not to try and calculate which primary or secondary
key to use.
Regards,
Ingo
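
The default-versus-pinned subkey choice discussed in this thread, as an added example that is not part of any of the messages and is not GnuPG's code: a simplified Python model in which the default picks the valid encryption subkey with the latest binding signature (as Daniel Nagy describes it) and a trailing `!` pins one subkey. The key IDs, timestamps and the names `Subkey` and `select_encryption_subkey` are constructed for illustration, and every subkey in a list is assumed to belong to the named recipient.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Subkey:
    keyid: str                      # constructed sample key ID
    can_encrypt: bool
    binding_sig_time: int           # when the subkey binding signature was made
    expires: Optional[int] = None
    revoked: bool = False

    def valid(self, now: int) -> bool:
        return not self.revoked and (self.expires is None or now < self.expires)

def select_encryption_subkey(subkeys, recipient: str, now: int) -> Subkey:
    """Model of the selection described in the thread (not GnuPG's code)."""
    if recipient.endswith("!"):
        # Pinned: use exactly this key, do not calculate a preferred one.
        wanted = recipient[:-1].upper()
        for sk in subkeys:
            if sk.keyid.upper() == wanted:
                return sk
        raise LookupError(f"pinned subkey {wanted} is not in this keyring copy")
    # Default: the latest valid encryption-capable subkey wins.
    candidates = [sk for sk in subkeys if sk.can_encrypt and sk.valid(now)]
    if not candidates:
        raise LookupError("no usable encryption subkey")
    return max(candidates, key=lambda sk: sk.binding_sig_time)

# Constructed sample data: two copies of the same user's key.
NOW = 1169000000
OLD = Subkey("AAAA1111", True, 1100000000)
NEW = Subkey("BBBB2222", True, 1168000000)
SIGN_ONLY = Subkey("CCCC3333", False, 1168500000)
REVOKED = Subkey("DDDD4444", True, 1168900000, revoked=True)
FRESH_COPY = [OLD, NEW, SIGN_ONLY, REVOKED]   # has the new subkey
STALE_COPY = [OLD, SIGN_ONLY]                 # never refreshed

if __name__ == "__main__":
    for label, ring in (("fresh", FRESH_COPY), ("stale", STALE_COPY)):
        for spec in ("username", "AAAA1111!", "BBBB2222!"):
            try:
                print(label, spec, "->", select_encryption_subkey(ring, spec, NOW).keyid)
            except LookupError as err:
                print(label, spec, "->", err)
```

The two keyring copies disagree on the default choice but agree once the older subkey is pinned, which is the mismatch the thread describes.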