ietf-openpgp

Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

2016-04-13 12:20:00
Ruben Pollan(meskio(_at_)sindominio(_dot_)net)@Tue, Apr 12, 2016 at 04:34:30PM +0200:
In bitmask we do some of the things you propose Vincent. We attach public keys
to all sent emails until we get an email encrypted to this public key. We attach
the key as a mime part, because Enigmail already has support for that and it is
one click to import it into your keyring.

That's nice for interoperability but is also, imo, simply one click too
much.

We also add the OpenPGP header to all the sent emails and use it to discover
keys from the 'url' field if it's https and from the same domain as the email
address.

I don't think the URI field can gain any reach as long as it has to rely
on users manually uploading the key somewhere. If an email provider did
provide this service and added the header, that might work... but then
the DANE approach probably works better for that scenario.

We need to be able to revoke, extend expiration, rotate subkeys, ...

Timed updates from keyservers aren't as affected by the
connectivity, delay, and privacy problem as on-the-fly lookup while
reading mail.

 - V
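
The 'url' check described in the quoted text above (accept the key location only if it is https and on the same domain as the sender's address), as an added example that is not part of the original message and is not bitmask's code. It assumes the `id=...; url=...; preference=...` parameter syntax of the OpenPGP mail header and reads "same domain" as an exact host match; the function names, addresses and fingerprint are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

def sample(sender, url):
    """Build a constructed message; every value here is a placeholder."""
    return (f"From: Alice <{sender}>\n"
            "OpenPGP: id=0123456789ABCDEF0123456789ABCDEF01234567;\n"
            f" url={url}; preference=signencrypt\n"
            "Subject: hi\n\nbody\n")

def parse_openpgp_header(value):
    """Split 'k=v; k=v' parameters, tolerating folded lines and quotes."""
    params = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            params[key.strip().lower()] = val.strip().strip('"')
    return params

def trusted_key_url(raw_message):
    """Return the advertised key URL if it passes the policy, else None."""
    msg = message_from_string(raw_message)
    # Ambiguous input (duplicate or missing headers) is rejected outright.
    if len(msg.get_all("From", [])) != 1 or len(msg.get_all("OpenPGP", [])) != 1:
        return None
    _, addr = parseaddr(msg["From"])
    _, at, domain = addr.rpartition("@")
    url = parse_openpgp_header(msg["OpenPGP"]).get("url")
    if not (at and domain and url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # https only, and no userinfo that could disguise the real host.
    if parts.scheme != "https" or parts.username or parts.password:
        return None
    # Assumption: "same domain" means the URL host equals the address domain.
    if (parts.hostname or "").lower() != domain.lower():
        return None
    return url

if __name__ == "__main__":
    for u in ("https://example.org/keys/alice.asc",
              "http://example.org/keys/alice.asc",
              "https://example.org.evil.example/alice.asc"):
        print(u, "->", trusted_key_url(sample("alice@example.org", u)))
```

A URL that passes only says where the client may fetch from; the key it returns still has to carry a user ID for the sender's address before it is used.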
