[openpgp] Combining signature with signer's public key

Kai Engert <kaie@kuix.de> Thu, 10 December 2020 21:38 UTC

Return-Path: <kaie@kuix.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 4EA7E3A12D1 for <openpgp@ietfa.amsl.com>; Thu, 10 Dec 2020 13:38:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kuix.de
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id hz6n-UM8s3R3 for <openpgp@ietfa.amsl.com>; Thu, 10 Dec 2020 13:38:28 -0800 (PST)
Received: from cloud.kuix.de (cloud.kuix.de [IPv6:2001:8d8:1801:86::1]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2860A3A12D0 for <openpgp@ietf.org>; Thu, 10 Dec 2020 13:38:28 -0800 (PST)
Received: from [] (ip-95-223-75-128.hsi16.unitymediagroup.de []) by cloud.kuix.de (Postfix) with ESMTPSA id 55B6118C62A for <openpgp@ietf.org>; Thu, 10 Dec 2020 21:38:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kuix.de; s=2018; t=1607636303; bh=FekHyODJsMizrI01tKz29rTTIrzBnxP0vs3kJlZh7/c=; h=To:From:Subject:Date:From; b=XxmYybWozhkmyU55cjmbmwldTV+6kB5GULU7tkeYUIWBVPZicxrA1kHTDeao3zOHc TsqioDndjeToAYWOhJ18cQFd4twnd/Akj+FLOtlZV6nST7xdaY7Y06wVK0/br3j+1s 9MbHVc2uHHeHmQv+Q5HYo2KeiuelDZbM97Vg6MO9g427CXphK+rZyummqfR9qfsFdJ 1auBsk4dpgrKLP01sl2GYZuMB4Z2XzXBJX2AGVD+tHa6GQUQJDfLkWv6AFl1hIlm+1 cUFw6Nx563HoaTiQA4knyoUW6bwqTJ5JLYCkN8wv3hJfZcG58yc2HhZ7RKknvzBJ7n twgU6CJ+iRtqA==
To: openpgp@ietf.org
From: Kai Engert <kaie@kuix.de>
Message-ID: <48be3fcf-cdce-9ef4-655b-63b6dddf9310@kuix.de>
Date: Thu, 10 Dec 2020 22:38:22 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Thunderbird/78.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xd1RNkMcysllXbqER_0Gpz6kdio>
Subject: [openpgp] Combining signature with signer's public key
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2020 21:38:29 -0000

Is it possible to include the sender's own public key as part of a 
detached OpenPGP signature?

When Thunderbird sends a signed email, it wants to include the sender's 
public key by default, to ensure that the recipient has it available.

Thunderbird sends the key as an attachment.

We received a surprisingly high number of complaints from users. who are 
unhappy about having attached the key by default. Apparently having the 
extra public key attachment causes confusion on the recipient side, with 
users not understanding what the attachment is about.

However, I haven't heard complaints about the signature attachment - 
which is shown by MUA that don't support OpenPGP. The signature 
attachment appears to be less of a problem or confusion.

If it were possible to include the sender's public key inside the 
signature, Thunderbird could use a single attachment for both.