Quoting Simon Josefsson (2016-04-12 15:49:18)
To counteract this, we can significantly reduce the number of attached
public keys if we are just a little bit clever about the decision of
when to add it. Roughly, it makes sense to attach the public key to
the first message of a conversation with each recipient.
It sounds good in theory, but I don't think that will work. Let's
compare how I use e-mail clients. I use k9, claws, evolution, webmail,
and probably several other clients that I forgot. I don't read all
emails in all clients, of course. I only read the emails that I need
in the client I happen to have available. So if you only include the
public key in the first message of a conversation, the majority of my
clients would never see that email because of my usage pattern. None
of any newly installed MUA would ever see the email, which over time
tends to approach 100% of my MUAs since I re-install most of them from
time to time.
Now it may be that my usage pattern is a corner case, but I believe it
is typical for many users today.
In the multi-device world you are describing I think is pretty important to
share your keyring among your devices, not just your private keys, but all your
known public keys and your trust on them.
Another question is, where to place the key. In email, we have two
options: in a separate mime part, or directly next to the pgp
signature data.
You could put it in the email header too. It would be bizare for
larger keys, but at least possible in theory.
Also, the OpenPGP mail/news url field header was intended to provide an
indirect way to support this:
http://josefsson.org/openpgp-header/
You still have some of the keyserver privacy concerns, and require
a network connection, but I'd just like to mention it as another option
to consider.
In bitmask we do some of the things you propose Vincent. We attach public keys
to all sent emails until we get an email encrypted to this public key. We
attach
the key as a mime part, because enigmail already have support for that and is
one click to import it in your keyring.
We also add the OpenPGP header to all the sent emails and use it to discover
keys from the 'url' field if it's https and from the same domain than the email
address.
Even dough I have many concerns about key discovery on the key servers, I think
we need key servers for key updates. We need to be able to revoke, extend
expiration, rotate subkeys, ... I think is really important for OpenPGP email
clients to be able to update periodically the keyring in a 'privacy preserving
way'. We even dream to have some crappy forward secrecy by rotating encryption
subkeys often, and deleting them from the keyring.
--
Ruben Pollan | http://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: http://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
signature.asc
Description: signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp