[openpgp] Re: Encryption subkey selection
Andrew Gallagher <andrewg@andrewg.com> Mon, 07 April 2025 07:36 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A173B184471D for <openpgp@mail2.ietf.org>; Mon, 7 Apr 2025 00:36:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yp53UZe3-w8A for <openpgp@mail2.ietf.org>; Mon, 7 Apr 2025 00:36:18 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 586F81844715 for <openpgp@ietf.org>; Mon, 7 Apr 2025 00:36:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1744011376; bh=DC4rrBjsPAZN4ZN5T+jX+sDnpk5N3hx+6PGZ21av3Us=; h=From:Subject:Date:References:Cc:In-Reply-To:To:From; b=wDGM3LwV7digxHDm7VNiGeUoeloZkkt033kaXfr9PRVsFreBxfzEeElC+W4IbUXc4 2HJVLpi+iWEezTiyl5pXqY1epGqSjq8t/sJ1FjWPkJqS/iM51QNLvQBKyUa8+GQ6GL NcjNVx8961z+9iy8h/YFwYgekpboyZ10uP7xC7PLA/KdP7PYyscIjt5OY0EssBrIso qRqLIgvjjelHRUyUUmCg//UyBdqtSo76f4qXZQICxPW4qnNh5yvRMDTIgWcwg9I7sY HutKK0qbsSm6ltoMknppoiJ3NaY9hfNy3GaTcHmwfrMDNIv0Ry+8NvQ55Twjm02Imh s9rNlJpcbVssg==
Received: from smtpclient.apple (unknown [176.61.115.103]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id 5623A5EDFE; Mon, 7 Apr 2025 07:36:16 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Andrew Gallagher <andrewg@andrewg.com>
Mime-Version: 1.0 (1.0)
Date: Mon, 07 Apr 2025 08:36:03 +0100
Message-Id: <E84CD5EE-DAAF-44D6-BCEE-CB92AE6CBBEC@andrewg.com>
References: <26f46aef-dde6-4564-92b2-2914aa574944@mtg.de>
In-Reply-To: <26f46aef-dde6-4564-92b2-2914aa574944@mtg.de>
To: Falko Strenzke <falko.strenzke@mtg.de>
X-Mailer: iPhone Mail (22D82)
Message-ID-Hash: VX2F2GJSZ6VPFFTR4QEARZ6XZ4USZP62
X-Message-ID-Hash: VX2F2GJSZ6VPFFTR4QEARZ6XZ4USZP62
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Justus Winter <justus@sequoia-pgp.org>, openpgp@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Encryption subkey selection
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/YDwG7cDkhDmyjnPMrIyGwCNFVww>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Hi, Falko. On 7 Apr 2025, at 07:50, Falko Strenzke <falko.strenzke@mtg.de> wrote: > > But I think we need to define a default rank that is assigned to a subkey in the case that at least one encryption subkey in the certificate carries the ESS. That would probably be "0". This would be reasonable. Another option would be to treat such encryption subkeys as “do not automatically select”. This might seem to render the subkey unusable, but some clients allow the user to manually override the default subkey selection algorithm, in which case it could still be used. It’s worth noting that gnupg appears to now interpret the “reserved for adsk” key flag this way. A
- [openpgp] Encryption subkey selection Justus Winter
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Bart Butler
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Andrew Gallagher
- [openpgp] Re: Encryption subkey selection Justus Winter
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Daniel Kahn Gillmor
- [openpgp] Re: Encryption subkey selection Falko Strenzke
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Daniel Huigens
- [openpgp] Re: Encryption subkey selection Johannes Roth
- [openpgp] Re: Encryption subkey selection Daniel Huigens