IETF Logo Mail Archive

Re: [openpgp] key distribution by email strategy

Heiko Schaefer <heiko.schaefer@posteo.de> Fri, 11 December 2020 12:22 UTC

Return-Path: <heiko.schaefer@posteo.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69BC73A0B0C for <openpgp@ietfa.amsl.com>; Fri, 11 Dec 2020 04:22:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.12
X-Spam-Level:
X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=posteo.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XZRD7CeUNy8M for <openpgp@ietfa.amsl.com>; Fri, 11 Dec 2020 04:22:21 -0800 (PST)
Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CA9E3A0AF8 for <openpgp@ietf.org>; Fri, 11 Dec 2020 04:22:20 -0800 (PST)
Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id 416FC2400FC for <openpgp@ietf.org>; Fri, 11 Dec 2020 13:22:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1607689337; bh=MJHC869qVW0N5wPY+Ode0+6Qu66njrRwwzCejrD5kjY=; h=To:From:Subject:Date:From; b=QwOmTEH8WWHnpXVHHo6wejcIiRFbsStbD8EQ0CVKjA0QBs+PmoBqVHapU85bFByOZ P4Ucc8nYlwAg3pSNbMJH92G3vcP2a/RYyx8USxba6dN58YRpfgdW5S7+M0337ZAwLj yXpMj3d1dmla2jDNC/xIf+J03ksEpYOda60O2KNP3H3JCVSdWbiYkajJuOQrTyIeV4 LTIhhFp8C6jfimul/sOVqqvdBabHDBlzTXseLrpl7Wxeyu1TiP21RCQtyhspIrBghv bdTqlOScF+6Z9XG9ASXxGRtDwKbVZSLc3gxPK1131Y1FmpMikRCqcd5y5bFpozxoTV X/x4x5IDOMcDQ==
Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4CsqfZ3mSvz6tmD for <openpgp@ietf.org>; Fri, 11 Dec 2020 13:22:13 +0100 (CET)
To: openpgp@ietf.org
References: <48be3fcf-cdce-9ef4-655b-63b6dddf9310@kuix.de> <322cc545-4358-ba95-65d5-3f75b7050c0b@kuix.de>
From: Heiko Schaefer <heiko.schaefer@posteo.de>
Message-ID: <47bcbed4-3832-6ee0-4a39-127af7e455b3@posteo.de>
Date: Fri, 11 Dec 2020 13:22:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <322cc545-4358-ba95-65d5-3f75b7050c0b@kuix.de>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/1zQMUEwOMlM-0casoR2fBnUQ0gw>
Subject: Re: [openpgp] key distribution by email strategy
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2020 12:22:23 -0000

Hello Kai

On 12/11/20 12:21 PM, Kai Engert wrote:
[..]
> (3) Develop a reasonable strategy for treating complex keys,
> which contain multiple user IDs, or multiple sub keys, or both.
[..]

I would like to add a strong vote for not casually inventing yet another
mechanism for distributing OpenPGP key material.

The autocrypt standard is established, and quiet a few projects support
it (https://autocrypt.org/dev-status.html).

One of the stated objectives of autocrypt is "Use decentralized, in-band
key discovery" (https://autocrypt.org/background.html). This seems to be
exactly what this discussion is about.

For example, the point you raise above is specifically covered in the
standard here: https://autocrypt.org/level1.html#openpgp-based-key-data


If the autocrypt standard does not satisfy requirements that thunderbird
has, relating to key discovery, it would seem best to me that the wider
OpenPGP community work on enhancing the standard.

Thank you, regards,
Heiko

v2.14.0 | Report a Bug | By Email