expired user-id selection preference
Closed, ResolvedPublic


Currently, gpg selects the first key from a user's keyring if the name is used
rather than the key ID. This key selection process actually selects expired keys
in this scenario, because the self-signature is cryptographically valid. In
fact, I think it even prefers those expired keys, because they are older.

This not only makes key transitions very difficult, because you need to ask
people to delete from their key ring your expired key, or they will always be
provided with that key as their first choice (such as via mutt, or other MUAs),
but it raises a serious security concern as data is encrypted to incorrect keys
because gpg suggests that incorrect key.

I tried to add these comments to T1143 -
which seems related to this issue, but even after logging into the system, I
cannot edit/update bugs. That is a bug in itself. I understand that there is
some suggested fixes for the future, but it seems a long way off and that seems
unfortunate for something so problematic.

micah added subscribers: dkg, micah, werner.
micah added a comment.Jun 1 2010, 11:45 PM

It appears that gnupg does not prefer those keys based on their age, but rather
that it prefers them because they were loaded into the local keyring first. if
you remove both keys, then re-add them in the opposite order, gpg seems to
prefer a different one... that still doesn't make it any better.

werner added a comment.Jun 4 2010, 3:09 PM

You are a provisional user and thus only abale to edit your own entries. We
need to run it this way to avoid trolls closing or commenting bugs. I'll change
your role now.

werner lowered the priority of this task from High to Normal.Jun 4 2010, 3:09 PM
neal added a subscriber: neal.Nov 6 2015, 12:39 PM

Duplicate of T1143

werner closed this task as Resolved.Sep 28 2016, 9:20 AM
werner claimed this task.

Duplicate of T2359

We track this now under T2359