ietf-openpgp

[openpgp] The need for (superb) private key management

2015-06-16 12:09:27
As I have mentioned before, I have been looking for ways to make encrypted
mail as easy to use as regular mail. I now have a prototype that works with
S/MIME but the same approach would transfer to OpenPGP without any
substantial changes.

The part that has held me up longest is how to manage private keys so that
people can make use of them on multiple devices. The idea is that if I buy a
new phone or a watch, I should be able to enable it for all my applications
instantly in one operation. This would naturally include S/MIME and OpenPGP.

What I have running is a manager that does not depend on a trusted service.
It is service based, but the service never has a plaintext private key.

Looking at the technology choices, this does not look like OpenPGP BIS
work. Any new spec should look like ACME type stuff, i.e. JSON Web Service.
But I think it is still relevant.


The big pain point for a lot of Internet users is managing their passwords
at multiple sites. PKI provides a mechanism that lets us get away from
passwords completely. But there will be legacy requirements for password
support regardless.

We have just seen a massive failure by a password management service, which
has me thinking. There is clearly demand for a password management tool
that does not rely on a trusted service. If that tool also enables S/MIME
and OpenPGP, we get encrypted mail users for free.


Does that make sense?
  • [openpgp] The need for (superb) private key management, Phillip Hallam-Baker <=