On Thu, Sep 18, 2008 at 01:07:39PM -0400, David Shaw wrote: > On Thu, Sep 18, 2008 at 08:23:21AM -0500, Kevin Hilton wrote: > > I think the problem is with the word preferences. The use of this > > word in the setpref command and in the > > personal-cipher/hash-preferences really doesn't convey what > > preferences are preferred over each other. The sender's preferences > > always trump the recipient's preferences. > > This is not true. GPG will never use a cipher that the recipient does > not prefer. It may not use the recipient's #1 choice, but it will > always use something from the recipient's list.
True, not true -- it's not *clear*. It sounds like GPG will find the intersection of the sender's and recipient's cipher lists and then take the sender's "preference" from that list -- that is, the first member of his list which is in the intersection. > It's not always simple to calculate what cipher should be used. For > example: > > Alice: AES256 TWOFISH > Baker: TWOFISH AES256 > > Who wins? Good point. If Alice sent the message then I would expect AES256 to be selected; if Baker, then TWOFISH. An exchange will alternate ciphers. Correct? Who *should* win? That question, if it must be answered, sounds like it belongs to the OpenPGP WG. But how much do we care? Two parties who can communicate at all (that is, have at least one "preferred" cipher in common) will always do so using one of the ciphers they are both willing to use. Is that good enough? There seems to be confusion over whether to treat cipher preferences as lists or sets. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
pgpq3paqhzW7s.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
