ietf-openpgp

Re: [openpgp] Combining signature with signer's public key

2020-12-11 02:31:35
Hi Kai, 

the reason several e-mail app implementors decided for a header 
in the discussions leading up to the Autocrypt spec in 2017
was precisely to not confuse users with weird attachments. related FAQ: 
https://autocrypt.org/faq.html#why-are-you-using-headers-rather-than-attached-keys
 

What do you find problematic about it?  It's been used in several mail
apps (including Thunderbird/Enigmail up until TB78 in August 2020) and
did not cause any UX issues or complaints. I'd kindly ask you to consider
not inventing another method now without strong reason.

cheers,
holger



On Thu, Dec 10, 2020 at 22:38 +0100, Kai Engert wrote:
Is it possible to include the sender's own public key as part of a detached
OpenPGP signature?

When Thunderbird sends a signed email, it wants to include the sender's
public key by default, to ensure that the recipient has it available.

Thunderbird sends the key as an attachment.

We received a surprisingly high number of complaints from users who are
unhappy about having attached the key by default. Apparently having the
extra public key attachment causes confusion on the recipient side, with
users not understanding what the attachment is about.

However, I haven't heard complaints about the signature attachment - which
is shown by MUAs that don't support OpenPGP. The signature attachment appears
to be less of a problem or confusion.

If it were possible to include the sender's public key inside the signature,
Thunderbird could use a single attachment for both.

Thanks,
Kai

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp