Quoting Vincent Breitmoser (2016-04-13 19:19:22)
> Ruben Pollan (meskio@sindominio.net) @ Tue, Apr 12, 2016 at 04:34:30PM +0200:
>> In Bitmask we do some of the things you propose, Vincent. We attach public
>> keys to all sent emails until we get an email encrypted to this public key.
>> We attach the key as a MIME part, because Enigmail already has support for
>> that and it is one click to import it into your keyring.
>
> That's nice for interoperability but is also, imo, simply one click too
> much.

Yes, that is why we automate the key fetch from these attachments and there is
no user action involved.

>> We also add the OpenPGP header to all the sent emails and use it to
>> discover keys from the 'url' field if it's https and from the same domain
>> as the email address.
>
> I don't think the URI field can gain any reach as long as it has to rely
> on users manually uploading the key somewhere. If an email provider did
> provide this service and added the header, that might work... but then
> the DANE approach probably works better for that scenario.

If I understood DANE correctly, you are making public the list of all the email
addresses (with OpenPGP keys) in your provider. I'm not sure how much I like
that. But it's probably not worse than uploading the keys to the key servers
anyway.

We do upload the keys to the provider automatically and publish them at a
normalized URL.

> We need to be able to revoke, extend expiration, rotate subkeys, ...
> Timed updates from keyservers aren't as affected by the
> connectivity, delay, and privacy problem as on-the-fly lookup while
> reading mail.

Agree :)
--
Ruben Pollan | http://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: http://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
We're going to Croatan.
_______________________________________________
openpgp mailing list
openpgp@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp
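The 'url' field check Ruben describes above (follow the OpenPGP header's url only when it is https and hosted on the sender's own domain), as an added Python example that is neither Bitmask's code nor from this thread. The sample message is constructed; the header layout (semicolon-separated key=value fields) follows the OpenPGP mail header draft, and the function names are my own.

```python
import email
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not from the thread). The OpenPGP header value
# is a list of semicolon-separated key=value fields, e.g. id=, url=, preference=.
SAMPLE_MSG = """\
From: Alice <alice@example.org>
To: bob@example.net
Subject: hello
OpenPGP: id=0123456789ABCDEF; url=https://example.org/keys/alice.asc; preference=signencrypt

body
"""


def parse_openpgp_header(value):
    """Split an OpenPGP header value into a dict keyed by lowercase field name."""
    fields = {}
    for part in value.split(";"):
        if "=" not in part:
            continue  # ignore malformed or empty fields
        name, val = part.split("=", 1)
        fields[name.strip().lower()] = val.strip()
    return fields


def allowed_key_url(raw_message):
    """Return the header's url only if it is https and on the From domain.

    Tying the key location to the sender's own domain over https means a
    header added or altered by a third party cannot redirect the key fetch
    to a host the sender does not control.
    """
    msg = email.message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return None
    sender_domain = addr.rsplit("@", 1)[1].lower()
    header = msg.get("OpenPGP")
    if header is None:
        return None
    url = parse_openpgp_header(header).get("url")
    if not url:
        return None
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or host != sender_domain:
        return None
    return url
```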