Re: [openpgp] key distribution by email strategy

Steffen Nurpmeso <> Sat, 12 December 2020 22:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6F48C3A0E63 for <>; Sat, 12 Dec 2020 14:08:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9yWNjnI52csg for <>; Sat, 12 Dec 2020 14:08:28 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A08BE3A0ADF for <>; Sat, 12 Dec 2020 14:08:28 -0800 (PST)
Received: by (Postfix, from userid 1000) id 7DE3516057; Sat, 12 Dec 2020 23:08:25 +0100 (CET)
Date: Sat, 12 Dec 2020 23:08:25 +0100
From: Steffen Nurpmeso <>
To: Vincent Breitmoser <>
Cc:, Heiko Schaefer <>
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <> <>
Mail-Followup-To: Vincent Breitmoser <>,, Heiko Schaefer <>
User-Agent: s-nail v14.9.19-179-g6a1d3a31-dirty
OpenPGP: id=EE19E1C1F2F7054F8D3954D8308964B51883A0DD; url=; preference=signencrypt
BlahBlahBlah: Any stupid boy can crush a beetle. But all the professors in the world can make no bugs.
Archived-At: <>
Subject: Re: [openpgp] key distribution by email strategy
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 12 Dec 2020 22:08:30 -0000

Vincent Breitmoser wrote in
 |> then you can very well send a small message in advance and ask for \
 |> a public
 |> key, or how and where to get it.  I admit, i never understood autocrypt.
 |Autocrypt was designed with folks in mind who don't think that way.
 |We wildly speculated there'd be a lot of those.

Well yes, sure.  It is just, i guess i "never gonna fall for
Modern Love".  I find it wasteful, superfluous, and
over-engineered.  And in my opinion it is not bad advice to users
to say just that.
In S/MIME that is much better, but of course you need a CA.
I have a CACert S/MIME certificate, i had to verify its email
address, and if i send a S/MIME signed mail anyone can savely save
the public certificate that ships with it, when they verify it
against the ... well you know how it works of course.
I'd rather have the same for OpenPGP, a signed message with the
public thing extractable embedded, then i at least know that the
signer had the private key for that public thing at hand.

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)