On Thu, 20 Apr 2017, Rui Costa wrote:
So, can someone point me to some
URL/documentation/https://mailarchive.ietf.org/arch/msg/ietf/xyz explaining the point on
having keys/cryptography somewhere in between these 2 end points? (And thus i guess i'm
saying i don't understand cryptography's point on scenarios other than what i think
people have called on these threads "E2E".)
I want to send you an encrypted email. I need your key. I can send a
plaintext email asking you for the key. I have to hope that it really
reached you and that it is you who gave me the key and that the key
was not modified in transport.
versus:
You publish your key somewhere with a verifiable link of key to your
email address. Now your first contact with me will be encrypted and
secured.
People have different ideas of what minimums and maximums to use
for "verifiable link of key to email" (or even key to human)
Paul