[openpgp] Re: Encryption subkey selection

[Falko Strenzke <falko.strenzke@mtg.de>]

Hi Bart,

I think you are right. But I think this aspect touches another point:

Should the sender, if they don't find any set of suitable encryption 
subkeys by processing the ESS

     a) fail to apply encryption (this is how I understand Justus' proposal)
     b) or should they fall back to any custom key selection strategy 
they prefer?

a) doesn't seem very nice in my view, because it introduces a failure 
mode that precludes encryption where previously – without support of the 
ESS packet in either of the implementations on both sides – was none. 
Falling back to the a custom set of keys should always be possible in my 
view. This is because if the sender wouldn't support the ESS, this is 
what they would do anyway (except we go so far as to make the ESS 
critical). So to say pretending not be supporting ESS seems to be a 
viable option in some way. I think failure of the ESS selection could be 
interpreted to the effect that turning on opportunistic encryption 
should be avoided (for whatever reason that would be otherwise 
considered). But encryption explicitly required by the user should still 
be possible.

In case of b) it doesn't seem to matter that much if we assign implicit 
rank 0 to keys or keep them outside the ESS selection algorithm 
altogether. I would tend to say in case the ESS selection fails, the 
sender should be be able to pick any set of encryption subkeys – whether 
they have an associated ESS or not.

Best regards,

Falko


Am 07.04.25 um 10:19 schrieb Bart Butler:
> Hi Andrew and Falko,
>
> I think “use existing implementation behavior” would be better for 
> cases where no suitable subkeys with ESS are found. Assigning zero 
> would seemingly mandate that if the subkeys with nonzero ESS were 
> found to be unusable every other subkey that was usable would have to 
> be used together, which is in general different than current 
> implementation behavior and is an odd side effect.
>
> -Bart
>
> On Mon, Apr 7, 2025 at 9:36 AM, Andrew Gallagher 
> <andrewg=40andrewg.com@dmarc.ietf.org <mailto:On Mon, Apr 7, 2025 at 
> 9:36 AM, Andrew Gallagher <<a href=>> wrote:
>> Hi, Falko.
>>
>> On 7 Apr 2025, at 07:50, Falko Strenzke <falko.strenzke@mtg.de> wrote:
>> >
>> > But I think we need to define a default rank that is assigned to a 
>> subkey in the case that at least one encryption subkey in the 
>> certificate carries the ESS. That would probably be "0".
>>
>> This would be reasonable. Another option would be to treat such 
>> encryption subkeys as “do not automatically select”. This might seem 
>> to render the subkey unusable, but some clients allow the user to 
>> manually override the default subkey selection algorithm, in which 
>> case it could still be used. It’s worth noting that gnupg appears to 
>> now interpret the “reserved for adsk” key flag this way.
>>
>> A
>> _______________________________________________
>> openpgp mailing list -- openpgp@ietf.org
>> To unsubscribe send an email to openpgp-leave@ietf.org
>
> _______________________________________________
> openpgp mailing list --openpgp@ietf.org
> To unsubscribe send an email toopenpgp-leave@ietf.org
-- 

*MTG AG*
Dr. Falko Strenzke

Phone: +49 6151 8000 24
E-Mail: falko.strenzke@mtg.de
Web: mtg.de <https://www.mtg.de>

------------------------------------------------------------------------

MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If 
you are not the correct recipient or have received this email in error,
please inform the sender immediately and delete this email.Unauthorised 
copying or distribution of this email is not permitted.

Data protection information: Privacy policy 
<https://www.mtg.de/en/privacy-policy>