On Sep 21, 2008, at 7:34 PM, reynt0 wrote:
On Thu, 18 Sep 2008, David Shaw wrote:
. . .
1) Take the intersection of all recipients preference lists. This
rules out any algorithms that would be unusable by someone.
2) Elect a "decider". The decider is the one person whose ordered
list we will honor the rankings for. If the user has specified a
personal-*-prefs list, then the user is the decider. If the user
has not specified a list, then the last recipient key is used.
3) Walk the decider preference list from highest ranked to lowest
ranked - as soon as we hit an algorithm that is part of the
intersection from step #1, stop.
. . .
I'm a little confused, maybe because I'm not sure who all
"user" might refer to, or maybe :^) because my mind wants
to understand the system according to what my mind wants to
think would make sense to it. I have thought the process was:
("S" is sender; "R1", "R2", are receiver(s); "M" is message)
S has basic ordered acceptance list as Ps; as does each R as
Pr1, Pr2, and so on. S maybe has personal-*-prefs list as
Pps; each R maybe does, Ppr1, Ppr2, etc. The cipher used
for M is chosen by: 1st find simple intersection of the
ciphers listed in all the various P, this gives an unordered
set. 2nd, from the ciphers in that intersection set, choose
whichever ranks highest in Pps, if there is a Pps; otherwise
choose whichever shows up first in Ps; and in any case
ignoring all the Ppr1, Ppr2, etc and any ordering in the
Pr1, Pr2, etc.
Is this wrong?
Partially. You need to remember that the "sender" preferences are not
relevant here. OpenPGP has no concept of a sender. All it knows are
keys, and there is no particular requirement for a secret key to be
involved when sending a message. For example, who is the sender here?
gpg -r receiver1 -r receiver2 --encrypt my-file.txt
Using your nomenclature, here's the algorithm:
1) Take the intersection of the various PrXes. This gives an
unordered set.
2) If there is a Pps, choose the highest ranked entry in Pps that also
exists in the intersection
3) If there is no Pps, choose the highest ranked entry in Pr1 that
also exists in the intersection
Note that Ps, and any PprXes are irrelevant and in fact are unknown or
unknowable at the time of encryption.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
