ietf-openpgp

Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

2016-04-12 09:30:23
Now it may be that my usage pattern is a corner case, but I believe it
is typical for many users today.

Good point. I'll think about this some more.  Two related ideas from the
top of my head:
- keyring synchronization. this is necessary to send an encrypted
  message to a known contact from a new device, so it's going to be a
  thing we will have to worry about somewhere down the line for proper
  support of the multi-device scenario.
- store message-id of the message where the pubkey was last sent on the
  sender side, and add it to the mime header of the signature? for
  reasonably recent messages, clients should be able to make that lookup
  without network in many cases, and it avoids the privacy leak.

You could put it in the email header too.  It would be bizarre for
larger keys, but at least possible in theory.

Yeah, 10kb header lines don't seem very practical. I also considered the
mime header, but same argument, it's just too unwieldy. :\

You still have some of the keyserver privacy concerns, and require
a network connection, but I'd just like to mention it as another option
to consider.

Indeed: Connectivity, delay, privacy. :)

I agree it could work.  Write an I-D describing the approach and try to
get MUA client support for it.

Depending on the resonance I get or further arguments brought up here,
I'm going to implement this in at least K-9 Mail myself. :)

Thanks for the feedback so far!

 - V
