I favor this too.
One additional issue I realized that we didn't address is the mixing of
keys for two levels of Suite-B profile. It is similar to the issue of mixing
non-Suite-B and Suite-B keys.
TOP SECRET must use AES-256, SECRET must use AES-128 or AES-256. We cannot
make TOP SECRET keys use AES-128, yet this is what happens with implicit
AES-128. Making AES-256 implicit will not work either, because now SECRET
keys will be picked as compatible with TOP SECRET keys. Finally, having no
implicit preferences disallows TOP SECRET keys to receive SECRET
Do we now need two Suite-B flags?
My initial reaction was "no": one flag restricts ciphers for both
profiles (TS and S) - and that's absolutely correct for "Suite B."
But "OpenPGP ECC" possibly has several categories (levels):
1. Strict Suite B TS
2. Strict Suite B S
3. ECC with AESes
(3a ECC with Twofish, Camellia)
4. ECC with 3DES
(4a ECC with Twofish, Camellia if you think 3DES is higher)
5. ECC with other ciphers / non-ECC keys
but maybe this is now into the realm of cipher preferences?
I need to give this a bit more thought.
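
An added sketch, not part of the original message or of any OpenPGP implementation, that runs the implicit-preference choices discussed above (implicit AES-128, implicit AES-256, no implicit cipher) against one TOP SECRET and one SECRET key. The key records, the function names and the selection rule (the first cipher in the first recipient's list that every recipient accepts, with the implicit cipher appended last to each list) are assumptions made for illustration.

```python
# Added illustration: names and the selection rule are assumptions, not from the thread.
AES128, AES256 = "AES-128", "AES-256"

# Profile rule as stated in the message: TOP SECRET needs AES-256, SECRET allows either.
ALLOWED = {"TOP SECRET": {AES256}, "SECRET": {AES128, AES256}}

# Constructed sample keys, each advertising a single explicit preference.
KEYS = [
    {"name": "ts-key", "level": "TOP SECRET", "prefs": [AES256]},
    {"name": "s-key", "level": "SECRET", "prefs": [AES128]},
]

def effective_prefs(key, implicit):
    """Explicit preferences with the implicit cipher (if any) appended last."""
    prefs = list(key["prefs"])
    if implicit is not None and implicit not in prefs:
        prefs.append(implicit)
    return prefs

def select_cipher(keys, implicit):
    """First cipher in the first key's list that every key accepts, else None."""
    lists = [effective_prefs(k, implicit) for k in keys]
    for cipher in lists[0]:
        if all(cipher in other for other in lists[1:]):
            return cipher
    return None

def evaluate(keys, implicit):
    """Return (cipher, keys whose profile forbids it, keys that never listed it)."""
    cipher = select_cipher(keys, implicit)
    if cipher is None:
        return None, [], []
    forbidden = [k["name"] for k in keys if cipher not in ALLOWED[k["level"]]]
    unlisted = [k["name"] for k in keys if cipher not in k["prefs"]]
    return cipher, forbidden, unlisted

if __name__ == "__main__":
    for implicit in (AES128, AES256, None):
        print(implicit, "->", evaluate(KEYS, implicit))
```

In this model, implicit AES-128 selects a cipher the TOP SECRET key's profile forbids, implicit AES-256 selects a cipher the SECRET key never advertised, and with no implicit cipher the two lists have nothing in common.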