Vincent Breitmoser wrote in
<2L846BD1235O5.2AHC2UF19W9NU@my.amazin.horse>:
|> then you can very well send a small message in advance and ask for \
|> a public
|> key, or how and where to get it. I admit, i never understood autocrypt.
|
|Autocrypt was designed with folks in mind who don't think that way.
|We wildly speculated there'd be a lot of those.
Well yes, sure. It is just, i guess i "never gonna fall for
Modern Love". I find it wasteful, superfluous, and
over-engineered. And in my opinion it is not bad advice to users
to say just that.
In S/MIME that is much better, but of course you need a CA.
I have a CACert S/MIME certificate, i had to verify its email
address, and if i send a S/MIME signed mail anyone can savely save
the public certificate that ships with it, when they verify it
against the ... well you know how it works of course.
I'd rather have the same for OpenPGP, a signed message with the
public thing extractable embedded, then i at least know that the
signer had the private key for that public thing at hand.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp