Closed ni4 closed 4 years ago
As I argue in that thread, it would be better to encrypt to all valid subkeys.
@nwalfield IMHO this would be too strict as default behavior at the library level (and effectively lowering the security level to the less secure subkey). An implementation which uses RNP is still able to pick any number of subkey(s) used for encryption. So it could have a checkmark like 'Use all available subkeys for encryption', making this configurable.
As I argue there, your policy actually lowers the security, because it means that all keys need to be available on all devices. By encrypting to all, it is possible to generate and store keys on TPMs. If security is a concern, it is better to retire old keys.
Description
Currently, when encrypting data to a primary key which is not able to encrypt, rnp chooses the first encryption-capable 'good' subkey. However, it could be wiser to choose the latest one. See the discussion/report here:
https://thunderbird.topicbox.com/groups/e2ee/T12a8f43ab17206ec-M835b2ddbba1b0dfe3ec85cb5/tb-native-openpgp-implementation-does-not-use-newer-subkeys
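
The three selection policies discussed in this issue (first good subkey, latest good subkey, all good subkeys), modelled side by side. This is an added example, not RNP's code: the `Subkey` struct, its field names, the `Policy` enum and the key ids are hypothetical, and the sample key is constructed.

```cpp
#include <algorithm>
#include <cstdint>
#include <string>
#include <vector>

// Simplified model of an OpenPGP subkey; names are hypothetical, not RNP's.
struct Subkey {
    std::string id;
    bool        can_encrypt;
    bool        revoked;
    int64_t     created;  // Unix time
    int64_t     expires;  // Unix time, 0 = never
};

enum class Policy { First, Latest, All };

// "Good" for encryption: has the capability, not revoked, already valid, not expired.
static bool usable(const Subkey &k, int64_t now) {
    return k.can_encrypt && !k.revoked && k.created <= now &&
           (k.expires == 0 || k.expires > now);
}

// Returns the ids of the subkeys a message would be encrypted to.
std::vector<std::string> select_recipients(const std::vector<Subkey> &keys,
                                           Policy policy, int64_t now) {
    std::vector<const Subkey *> good;
    for (const auto &k : keys)
        if (usable(k, now)) good.push_back(&k);
    if (good.empty()) return {};  // caller must fail closed, never send plaintext
    if (policy == Policy::First) good.resize(1);  // key order decides
    if (policy == Policy::Latest) {
        const Subkey *newest = *std::max_element(good.begin(), good.end(),
            [](const Subkey *a, const Subkey *b) { return a->created < b->created; });
        good.assign(1, newest);
    }
    std::vector<std::string> ids;
    for (const Subkey *k : good) ids.push_back(k->id);
    return ids;
}

// Constructed sample key, subkeys in stored order (oldest first).
std::vector<Subkey> sample_key() {
    return {
        {"ENC-2015", true, false, 1420070400, 0},
        {"SIG-2015", false, false, 1420070400, 0},
        {"ENC-2020", true, false, 1577836800, 0},
        {"ENC-2021-REVOKED", true, true, 1609459200, 0},
    };
}
```

With the sample key, `First` and `Latest` pick different subkeys, while `All` encrypts to both unrevoked encryption subkeys, so a device holding only one of them can still decrypt.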