ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Embedded TPK subpacket

2019-03-25 07:39:01
Hi Vincent,

On Mon, 25 Mar 2019 13:25:52 +0100,
Vincent Breitmoser wrote:
My proposal is ment to obsolete the existing mechanisms.  The fact that
we now have multiple incompatible mechanisms is a bit sad, and I'm
trying to extend OpenPGP so that we can have interoperable
implementations again.

So what your proposal brings to the table is in-band key distribution without
MUA involvement, but hinges on the use of signed-only mails. Given the rather
terrible state of signed-only messages, which is likely what caused both
Autocrypt and PEP to omit support for them, I'm sceptical of this approach's
potential to do much for the unification of key distribution
mechanisms.

This is *one* of the things that this proposal can help with.  Note:
in the context of Autocrypt, this could help with "autocrypt gossip";
I don't foresee it replacing autocrypt headers.

2) limited usefulness in practice due to
brittle reliability and non-existent network effect.

I agree that they *currently* have limited usefulness.  But, if
companies started to actually sign their outgoing mail, this could
help combat phishing.  I think we should consider both the future's
potential and today's limitations, and not be driven be either
exclusively.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>