ietf-openpgp

Re: [openpgp] [openpgp-email] Keyserverless Use of OpenPGP in Email

2016-04-13 16:54:25
Quoting Vincent Breitmoser (2016-04-13 19:19:22)
Ruben Pollan(meskio(_at_)sindominio(_dot_)net)@Tue, Apr 12, 2016 at 04:34:30PM +0200:
In bitmask we do some of the things you propose Vincent. We attach public
keys to all sent emails until we get an email encrypted to this public key.
We attach the key as a mime part, because enigmail already has support for
that and it is one click to import it in your keyring.

That's nice for interoperability but is also, imo, simply one click too
much.

Yes, that is why we automate the key fetch from these attachments and there
is no user action involved.

We also add the OpenPGP header to all the sent emails and use it to
discover keys from the 'url' field if it's https and from the same domain
as the email address.

I don't think the URI field can gain any reach as long as it has to rely
on users manually uploading the key somewhere. If an email provider
provided this service and added the header, that might work... but then
the DANE approach probably works better for that scenario.

If I understood correctly, with DANE you are making public the list of all
the email addresses (with OpenPGP keys) in your provider. I'm not sure how
much I like that. But it's probably not worse than uploading the keys to the
key servers anyway.

We do upload the keys to the provider automatically and publish them in a 
normalized url.

We need to be able to revoke, extend expiration, rotate subkeys, ...

Timed updates from keyservers aren't as affected by the
connectivity, delay, and privacy problems as on-the-fly lookup while
reading mail.

Agree :)

-- 
Ruben Pollan  | http://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: http://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
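
The check described in the message above (use the 'url' field of the OpenPGP header only when it is https and on the same domain as the email address), as an added example that is not part of the original message and is not bitmask's code. The `id=...; url=...` header layout, the name `trusted_key_url`, the sample addresses, and the reading of "same domain" as exact host equality are assumptions.

```python
import email
from email.utils import parseaddr
from urllib.parse import urlsplit


def trusted_key_url(raw_message):
    """Return the OpenPGP header's url only when it is https and served from
    the host named in the From address; otherwise return None."""
    msg = email.message_from_string(raw_message)
    params = msg.get_params(header="OpenPGP")  # None when the header is absent
    if not params:
        return None
    url = {k.lower(): v for k, v in params}.get("url")
    _, at, sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")
    if not isinstance(url, str) or not url or not at or not sender_domain:
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # malformed netloc, e.g. a broken IPv6 literal
        return None
    # .hostname drops userinfo and port and is lowercased, so a URL such as
    # "https://example.org@other.example/" compares as "other.example"
    # instead of passing a naive prefix or substring test.
    # Assumption: "same domain" means exact host equality (no subdomains).
    if parts.scheme != "https" or host != sender_domain.lower():
        return None
    return url


def sample_message(url):
    """Constructed test message, not real traffic."""
    return ("From: Alice <alice@example.org>\n"
            "OpenPGP: id=0123456789ABCDEF; url=%s\n"
            "Subject: hello\n\nbody\n" % url)


if __name__ == "__main__":
    for candidate in ("https://example.org/key/alice.asc",
                      "http://example.org/key/alice.asc",
                      "https://example.org@other.example/key.asc",
                      "https://example.org.other.example/key.asc"):
        print(candidate, "->", trusted_key_url(sample_message(candidate)))
```

A URL that passes this check still only names where to fetch the key; the fetch itself needs normal TLS certificate validation.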