On 11.12.20 09:31, holger krekel wrote:
> the reason several e-mail app implementors decided for a header
> in the discussions leading up to the Autocrypt spec in 2017
> was precisely to not confuse users with weird attachments. related FAQ:
> https://autocrypt.org/faq.html#why-are-you-using-headers-rather-than-attached-keys
>
> What do you find problematic about it? It's been used in several mail
> apps (including Thunderbird/Enigmail up until TB78 in August 2020) and
> did not cause any UX issues or complaints. I'd kindly ask you to consider
> not inventing another method now without strong reason.

The amount of data that can be transported in an email header is limited.

For the simple keys that can be generated inside Thunderbird (primary
key, single subkey for encryption, single user ID), using the Autocrypt
header could work.

However:

- we also allow users to use their complex keys with Thunderbird,
  which may contain multiple user IDs, and contain many certifications,
  causing the key to be very big

  The Autocrypt header seems like an incomplete key distribution
  mechanism for complex keys.

- what Thunderbird sends in PGP/MIME's application/gpg-keys
  attachment isn't limited to the sender's public key.
  It will also include revocation statements,
  for revoked keys matching the sender's email address.

Kai
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp