when encrypting messages to a user ID with multiple matching keys with full calculated validity, gpg seems to just choose the "first" matching key, for some definition of "first" -- i think it's decided by chronological age of first import into the local keyring.
This does not seem to be the best heuristic. here are some other
proposed heuristics for choosing among multiple keys with full
calculated User ID validity during encryption:
0) choose the most recently-created key
1) choose the key with the strongest supported encryption-capable
subkey (by bitlength?)
2) encrypt to *all* matching keys
The current implementation does what seems to be the Wrong Thing in the
use case where the recipient is going through a key transition, and has
two keys (one older, deprecated but not yet expired; and one newer,
stronger, preferred).
Any thoughts on this? Should i open it as a ticket?
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
