On Sep 25, 2009, at 10:04 AM, Daniel Kahn Gillmor wrote:

Since most of
these tools rely on gpg as a backend, implementing a more-reasonable
choice in gpg seems like a good idea.

What troubles me about this sort of behavior is that it is genuinely good and helpful in some cases and baffling and off-putting in others. For example, someone has two different Alice keys in their keyring. Both keys have a single UID, which is signed by Baker. One of the Alices (call her Alice1) is also signed by Charlie. The other Alice (Alice2) is signed by Dan. Alice2 is a newer key than Alice1.

At the moment, the keyring contains Alice1, Alice2, and Baker. We have full trust in Charlie and Dan, but they are not currently present in the keyring. We have a marginal trust in both Alices through Baker, so following the suggested algorithm we pick Alice2 (as it is a newer key).

Now, the user imports Charlie's key. This completely changes the calculation: we have full trust in Alice1 through Charlie, so Alice1 is now fully trusted. We switch over to encrypting to Alice1 - it's the older key, but it has full trust.

Then, the user imports Dan's key. This completely changes the calculation again: we now have full trust in both Alices, so we again pick the more recent key, and pick Alice2.

Then there is the case where someone doesn't automatically rebuild their trustdb - they can be in a position of having GPG pick one key, then a rebuild is triggered, causing the other key to be picked.

I'm not against that behavior - it's reasonable and makes sense... to someone who really understands the web of trust and OpenPGP.

My problem is that there is the potential for a lot of confusion here. Making the behavior optional doesn't really resolve that, as to be useful, you want this sort of key-picking behavior to be the default (I might even argue that if we do it, it shouldn't be something that could be switched off, as at least there would be only 1 confusing behavior to document, rather than two).

David
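To make the flip-flopping concrete, here is an added simulation (not code from this thread or from GnuPG) of the picking rule under discussion: prefer the key with the best validity, and among equals prefer the newest. It assumes GnuPG's classic defaults of one fully trusted signer or three marginally trusted signers for full validity; the key names, UIDs and creation dates are constructed from the scenario in the message.

```python
from datetime import date

# Owner-trust levels, mirroring GnuPG's classic trust model (assumption for this example).
NONE, MARGINAL, FULL = 0, 1, 2

# GnuPG defaults: one fully trusted signer (--completes-needed 1) or three marginally
# trusted signers (--marginals-needed 3) make a UID fully valid; one marginal signer
# gives marginal validity.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3

# Constructed keys from the message's scenario (UIDs and dates are hypothetical).
KEYS = {
    "Alice1":  {"uid": "alice@example.org", "created": date(2007, 1, 1),
                "signers": {"Baker", "Charlie"}},
    "Alice2":  {"uid": "alice@example.org", "created": date(2009, 1, 1),
                "signers": {"Baker", "Dan"}},
    "Baker":   {"uid": "baker@example.org", "created": date(2006, 1, 1), "signers": set()},
    "Charlie": {"uid": "charlie@example.org", "created": date(2006, 1, 1), "signers": set()},
    "Dan":     {"uid": "dan@example.org", "created": date(2006, 1, 1), "signers": set()},
}
OWNER_TRUST = {"Baker": MARGINAL, "Charlie": FULL, "Dan": FULL}


def validity(key, keyring):
    """Validity of a key's UID, counting only signatures from keys present in the keyring."""
    fulls = marginals = 0
    for signer in KEYS[key]["signers"]:
        if signer not in keyring:  # a signature by an absent key contributes nothing
            continue
        trust = OWNER_TRUST.get(signer, NONE)
        fulls += trust == FULL
        marginals += trust == MARGINAL
    if fulls >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
        return FULL
    return MARGINAL if marginals else NONE


def pick_key(uid, keyring):
    """Pick the key for a UID: highest validity first, newest creation date as tie-break."""
    candidates = [k for k in keyring if KEYS[k]["uid"] == uid]
    return max(candidates, key=lambda k: (validity(k, keyring), KEYS[k]["created"]))


def scenario():
    """Replay the three keyring states from the message; return the key picked in each."""
    keyring = {"Alice1", "Alice2", "Baker"}
    picks = [pick_key("alice@example.org", keyring)]
    keyring.add("Charlie")  # Alice1 becomes fully valid, Alice2 stays marginal
    picks.append(pick_key("alice@example.org", keyring))
    keyring.add("Dan")      # both fully valid again, so the newer key wins
    picks.append(pick_key("alice@example.org", keyring))
    return picks
```

Each import of a signer's key changes the answer even though nothing about the Alice keys themselves changed, which is the confusion the message describes.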


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users