Hi folks,
AFAIK, OpenKeychain encrypts to all non-expired subkeys. I think this a
bit to course of an action. For example if a subkey has been created
with future timestamp to help with key rollover. Thus the idea to
explicitly mark suitable subkeys.
I feel OpenKeychain's approach here is sensible. Less complexity is
better: it's a huge burden on implementors to support yet-another-flag.
If a key has multiple valid encryption subkeys, it's advertising that
it's OK to pick *any* of those subkeys. That's pretty arbitrary. I don't
see why picking *all* would be any worse than picking an arbitrary one.
The ADSK (Additional Decryption Subkey) is an idea of mine on how to
ease ease encryption to several devices. You would install the separate
private subkeys on each device and if the sender supports the ADSK it
would encrypt to these subkeys. This is similar to what OpenKeychain
does but a more selective approach. OTOH, I am not sure whether one can
find a threat model where such a scheme would be useful.
Not sure I understand what you mean about threat model here?
A team I previously worked in abandoned email encryption altogether
because they couldn't access emails on their phones.
Now they use unencrypted email - is that the sort of threat model you
were thinking of?
Paul
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp