
Re: On email and web security

2015-12-30 14:33:33
On Wed, 30 Dec 2015, Fred Baker (fred) wrote:

> Second, many of my colleagues have asked me to remove their old keys from my 
> database, because they have forgotten them, although the PGP repository has 
> not. It may be necessary to purge the PGP database, obsoleting and removing 
> keys that have been superseded, and advising holders of keys that their keys 
> are old and should be updated. I actually cannot encrypt to the entire set of 
> keys I downloaded, only those whose holders can still decrypt such 
> communications.

That is one of the motivations behind:

https://tools.ietf.org/html/draft-ietf-dane-openpgpkey

You can also add a milter plugin to sendmail/postfix that will encrypt
automatically for you on outgoing/forwarding email:
https://github.com/letoams/openpgpkey-milter

You can generate openpgpkey records using hash-slinger's openpgp command:
https://github.com/letoams/hash-slinger

> In other words, tools tend to work a lot better when they are used. We need to 
> actually use our tools, not just as individuals, but as an organization, and 
> where they are not serving us well, we need to correct that.

I agree. When I first enabled openpgpkey-milter myself, I forgot that my
email is delivered to mx.nohats.ca, and forwarded to a private IP that
is my local mailserver at home. So mx.nohats.ca dutifully encrypted ALL
my email it forwarded. Neither I nor my mail tools were ready for that.
I'm hoping mail clients will be able to receive/decrypt a lot more
easily and store email unencrypted (depending on disk crypto for
privacy) so one does not lose the ability to read/search through old
email.

Paul
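As an added illustration of what the hash-slinger command referenced above produces (this is example code written for this archive page, not hash-slinger's or the milter's own code), the following computes the OPENPGPKEY owner name and zone-file record the way draft-ietf-dane-openpgpkey specifies: SHA2-256 over the local-part, truncated to 28 octets, hex-encoded, under `_openpgpkey.<domain>`. The key bytes are a constructed placeholder, not a real OpenPGP key.

```python
import base64
import hashlib

OPENPGPKEY_RRTYPE = 61  # IANA RR type number assigned to OPENPGPKEY


def openpgpkey_owner(email: str) -> str:
    """Owner name for an OPENPGPKEY record per draft-ietf-dane-openpgpkey.

    The local-part is hashed with SHA2-256, the digest is truncated to
    28 octets and rendered as lowercase hex, then placed under the
    _openpgpkey label of the address's domain. The local-part is hashed
    exactly as given: no case folding or other normalisation is applied,
    so Hugh@ and hugh@ map to different owner names.
    """
    local_part, sep, domain = email.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an email address: {email!r}")
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.lower().rstrip('.')}."


def openpgpkey_record(email: str, key_bytes: bytes, ttl: int = 3600) -> str:
    """Presentation-format zone line: the binary (not ASCII-armored)
    transferable public key, base64-encoded as the RDATA."""
    rdata = base64.b64encode(key_bytes).decode("ascii")
    return f"{openpgpkey_owner(email)} {ttl} IN OPENPGPKEY {rdata}"


def openpgpkey_record_generic(email: str, key_bytes: bytes, ttl: int = 3600) -> str:
    """Same record in RFC 3597 generic syntax (TYPE61 \\# length hex), for
    name servers that do not yet know the OPENPGPKEY type by name."""
    owner = openpgpkey_owner(email)
    return f"{owner} {ttl} IN TYPE{OPENPGPKEY_RRTYPE} \\# {len(key_bytes)} {key_bytes.hex()}"


# Constructed sample: a 16-byte placeholder standing in for a real binary
# OpenPGP public key (in practice: `gpg --export <keyid>`, without --armor).
SAMPLE_KEY = bytes(range(16))

if __name__ == "__main__":
    print(openpgpkey_record("hugh@example.com", SAMPLE_KEY))
    print(openpgpkey_record_generic("hugh@example.com", SAMPLE_KEY))
```

Publishing the record only helps a sender's milter if the zone is DNSSEC-signed, since the key is trusted on the strength of the DNSSEC validation alone.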
