When encrypting messages to a user ID with multiple matching keys with full calculated validity, gpg seems to just choose the "first" matching key, for some definition of "first" -- I think it's decided by chronological age of first import into the local keyring.

This does not seem to be the best heuristic. Here are some other proposed heuristics for choosing among multiple keys with full calculated User ID validity during encryption:

0) choose the most recently-created key
1) choose the key with the strongest supported encryption-capable subkey (by bitlength?)
2) encrypt to *all* matching keys

The current implementation does what seems to be the Wrong Thing in the use case where the recipient is going through a key transition, and has two keys (one older, deprecated but not yet expired; and one newer, stronger, preferred). Any thoughts on this? Should I open it as a ticket?

--dkg
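As an added illustration (not part of dkg's post and not gpg's own code), a small Python model of the selection heuristics proposed above, run over a constructed key-transition keyring; the Candidate model, the placeholder fingerprints and the dates are assumptions, not gpg's real data structures or values.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, List, Optional
# Hypothetical model of one recipient key (not gpg's own data structures).
@dataclass
class Candidate:
    fingerprint: str          # constructed placeholder, not a real fingerprint
    imported: date            # when the key first entered the local keyring
    created: date             # key creation date
    bits: int                 # bit length of the encryption-capable subkey
    validity: str             # calculated user ID validity, 'f' = full
    expires: Optional[date] = None

def eligible(cands: List[Candidate], today: date) -> List[Candidate]:
    """Only fully valid, unexpired keys may be encrypted to at all."""
    return [c for c in cands
            if c.validity == "f" and (c.expires is None or c.expires > today)]

def first_imported(cands, today):
    """Behaviour described in the post: the earliest-imported key wins."""
    ok = eligible(cands, today)
    return [min(ok, key=lambda c: c.imported)] if ok else []

def newest_key(cands, today):
    """Heuristic 0: the most recently created key."""
    ok = eligible(cands, today)
    return [max(ok, key=lambda c: c.created)] if ok else []

def strongest_subkey(cands, today):
    """Heuristic 1: largest encryption subkey; creation date breaks ties."""
    ok = eligible(cands, today)
    return [max(ok, key=lambda c: (c.bits, c.created))] if ok else []

def all_matching(cands, today):
    """Heuristic 2: encrypt to every eligible key, oldest first."""
    return sorted(eligible(cands, today), key=lambda c: c.created)

# Constructed key-transition scenario from the post: an older, weaker key imported
# first (deprecated, not yet expired), a newer stronger key, and a marginal one.
OLD = Candidate("OLD-KEY-PLACEHOLDER", imported=date(2006, 3, 1),
                created=date(2005, 6, 1), bits=1024, validity="f",
                expires=date(2010, 12, 31))
NEW = Candidate("NEW-KEY-PLACEHOLDER", imported=date(2009, 9, 1),
                created=date(2009, 8, 15), bits=4096, validity="f")
MARGINAL = Candidate("MARGINAL-KEY-PLACEHOLDER", imported=date(2004, 1, 1),
                     created=date(2004, 1, 1), bits=2048, validity="m")
KEYRING = [OLD, NEW, MARGINAL]

def choose(policy: Callable, cands=KEYRING, today=date(2009, 10, 1)) -> List[str]:
    """Apply one selection policy and return the chosen fingerprints."""
    return [c.fingerprint for c in policy(cands, today)]
```

With the constructed keyring, only the current first-imported rule selects the deprecated key; once that key expires, all four policies agree on the newer one.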
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users