ietf-openpgp
[Top] [All Lists]

[openpgp] Combining signature with signer's public key

2020-12-10 15:38:44
Is it possible to include the sender's own public key as part of a detached OpenPGP signature?

When Thunderbird sends a signed email, it wants to include the sender's public key by default, to ensure that the recipient has it available.

Thunderbird sends the key as an attachment.

We received a surprisingly high number of complaints from users. who are unhappy about having attached the key by default. Apparently having the extra public key attachment causes confusion on the recipient side, with users not understanding what the attachment is about.

However, I haven't heard complaints about the signature attachment - which is shown by MUA that don't support OpenPGP. The signature attachment appears to be less of a problem or confusion.

If it were possible to include the sender's public key inside the signature, Thunderbird could use a single attachment for both.

Thanks,
Kai

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp