Updated Keyserver less OpenPGP (markdown)
parent
27da915897
commit
d7fa5f0d6e
|
@ -1,31 +1 @@
|
||||||
Warning: This does not discuss trust, only key discovery!
|
Superseded by https://github.com/autocrypt/autocrypt/
|
||||||
|
|
||||||
# Opportunistic Key Discovery
|
|
||||||
* A: Send normal email with header ``OpenPGP: preference=signencrypt`` ([see Internet-Draft](https://tools.ietf.org/html/draft-josefsson-openpgp-mailnews-header-07))
|
|
||||||
* B: B parses header and now knows that A can do OpenPGP
|
|
||||||
* B: Next normal email is signed and contains the key as attachment
|
|
||||||
* A: A receives email, key is automatically imported and signature verified. Check that key corresponds to sig?
|
|
||||||
* A: 3rd email and all onward are encrypted+signed
|
|
||||||
|
|
||||||
# Full Description
|
|
||||||
We propose to enable the OpenPGP header by default for all outgoing emails to announce to recipients that you are capable of receiving OpenPGP protected emails.
|
|
||||||
|
|
||||||
The default header should look like this: ``OpenPGP: preference=signencrypt``
|
|
||||||
|
|
||||||
Always announcing that a sender is capable of receiving OpenPGP protected emails signals to the receiver to -- for the next email to this sender -- attach his/her public key and sign it.
|
|
||||||
|
|
||||||
In K-9 Mail on Android we plan to import these attached keys automatically to opportunistically protect emails with OpenPGP.
|
|
||||||
|
|
||||||
We propose this additional roundtrip with the header instead of always signing and attaching keys directly, because users which don't use OpenPGP are annoyed by weird attachments like signature.asc or 0x12345678.asc.
|
|
||||||
|
|
||||||
We are not proposing to include a Key ID or URL in the header by default for all emails as this would leak additional data. Including a Key ID would leak information about the key if it's available on keyservers, including the URL does not allow to import something automatically as this introduced a synchronous connection to a webserver, which could be exploited for tracking users for example.
|
|
||||||
|
|
||||||
[The "OpenPGP" mail and news header field](https://tools.ietf.org/html/draft-josefsson-openpgp-mailnews-header-07)
|
|
||||||
|
|
||||||
Tracking in email client bug trackers:
|
|
||||||
* [Enigmail](https://sourceforge.net/p/enigmail/bugs/627/)
|
|
||||||
* KMail
|
|
||||||
* gpg4o
|
|
||||||
* GPGOL
|
|
||||||
* GPGTools
|
|
||||||
* r2mail2
|
|
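Review bot: The one line that remains after this change (the `-1,31 +1` header leaves a single line, "Superseded by https://github.com/autocrypt/autocrypt/") drops the warning that the page covers only key discovery and not trust, along with the reasoning for keeping Key IDs and URLs out of the header. Consider keeping a short summary under the pointer, for example that capability was announced with `OpenPGP: preference=signencrypt` and that key identifiers were deliberately omitted to avoid leaking data and enabling tracking, so readers who land here know what was superseded and that the trust caveat applied. The removed step "Check that key corresponds to sig?" was still phrased as an open question; if the successor project answers it, the pointer could say where.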