Re: [openpgp] key distribution by email strategy

[Steffen Nurpmeso <steffen@sdaoden.eu>]

Werner Koch wrote in
 <87k0to3yen.fsf@wheatstone.g10code.de>:
 |On Fri, 11 Dec 2020 13:22, Heiko Schaefer said:
 |
 |> The autocrypt standard is established, and quiet a few projects support
 |> it (https://autocrypt.org/dev-status.html).
 |
 |Autocrypt is bound to mail use cases and can't be used in other
 |environments.  Remember that mail is only one use-case; there are many
 |other important use cases.

Also it is a tremendous waste to include kilobytes of data (for
usual key types) in each and every mail for nothing, even if the
mail as such is not even signed!
And if it is signed, then everything you want is included anyway
.. no?

 |Key discovery has never been in the scope of OpenPGP.  The standard
 |provided means to implement systems but does not enforce the use of one.
 |That limited scope worked very well over the last 23 years.
 |
 |Noet that I do not say that such topics ares out of scope for this
 |mailing list; merely for the OpenPGP standard.  In fact, over all the
 |years this list has also been used as an implementers forum.

I personally (not yet supporting OpenPGP for at least one more
year, but S/MIME) am also of the opinion that _if_ you discover to
have an immediate, real need to start a secure, encrypted
communication with someone that you have not yet exchanged keys
with, then you can very well send a small message in advance and
ask for a public key, or how and where to get it.  I admit,
i never understood autocrypt.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)