Updated Keyserver less OpenPGP (markdown)

Keyserver-less-OpenPGP.md

@@ -1,12 +1,24 @@
-Opportunistic Key Exchange
+Warning: This does not discuss trust, only key discovery!
-
-This does not discuss trust, only key discovery!
 
+# Opportunistic Key Exchange
   * A: Send normal email with header ``OpenPGP: preference=signencrypt``
   * B: Receiver's normal response email is signed and contains the key as attachment
   * A: Email is received, key is automatically imported and signature verified. Check that key corresponds to sig?
   * A: 3rd email is encrypted+signed in this exchange
 
+# Full Text
+We propose to enable the OpenPGP header by default for all outgoing emails to announce to recipients that you are capable of receiving OpenPGP protected emails.
+
+The default header should look like this: ``OpenPGP: preference=signencrypt``
+
+Always announcing that a sender is capable of receiving OpenPGP protected emails signals to the receiver to -- for the next email to this sender -- attach his/her public key and sign it.
+
+In K-9 Mail on Android we plan to import these attached keys automatically to opportunistically protect emails with OpenPGP.
+
+We propose this additional roundtrip with the header instead of always signing and attaching keys directly, because users which don't use OpenPGP are annoyed by weird attachments like signature.asc or 0x12345678.asc.
+
+We are not proposing to include a Key ID or URL in the header by default for all emails as this would leak additional data. Including a Key ID would leak information about the key if it's available on keyservers, including the URL does not allow to import something automatically as this introduced a synchronous connection to a webserver, which could be exploited for tracking users for example.
+
 [The "OpenPGP" mail and news header field](https://tools.ietf.org/html/draft-josefsson-openpgp-mailnews-header-07)
 
 Tracking in email client bug trackers: