On Aug 17, 2009, at 2:45 AM, Faramir wrote:
Werner Koch escribió:
Noteworthy changes in version 1.4.10 (unreleased)
I remember there were some improvements in the way the preferred
algorithms for encryption are chosen... Are these changes included in
this new version?
Yes. I'll add a note to the NEWS file about it.
For the archive: the changes are that GPG now scores the preferred
algorithms, so (for example) if there are 3 recipients, and two of the
three vote for AES128 and one of the three votes for AES256, then the
algorithm chosen will be AES128. However, despite the occasional
confusion on this point, keep in mind that this behavior is not
required by the standard, so don't expect everyone else to do what GPG
is doing here. Not every OpenPGP implementation does ranking. The
only requirement is that each implementation picks an algorithm that
is supported by all recipients, and beyond that, the implementation
can choose however it likes. It is thus legal to just force every
message to use 3DES and never even look at the preferences. So long
as all recipients support them, it is even legal, though perhaps
silly, to pick AES128 on Mondays, CAST5 on Tuesdays, but AES256 only
on alternate Thursdays in months with the letter "r" in them.
Also keep in mind that you, as the sender of the message, are king: if
you want algorithm X, and everyone can at least handle algorithm X,
then their votes for what they like best don't matter. You're the
sender, and your wishes (via --personal-cipher-preferences and
friends) trump all.
David
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users