[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Autocrypt header field
From: |
Robert Pluim |
Subject: |
Re: Autocrypt header field |
Date: |
Wed, 21 Feb 2018 11:19:54 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.91 (gnu/linux) |
Richard Stallman <address@hidden> writes:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > What level of support were you thinking of? The Autocrypt
> > recommendations include a whole bunch of PGP key generation and setup
> > messaging that I'm not convinced are necessary.
>
> We should consult an expert such as Werner Koch about that.
I was unclear: Autocrypt has a setup procedure that involves
generating a new PGP key specifically for use with it, and producing a
setup email message containing that key. Many users will probably
already have a PGP key that they would prefer to use instead,
obviating the need for such setup.
> Snarfing the key from
> > the header and adding it to the user's keyring should be easy enough. [1]
>
> I suppose that is the job to be done; you've raised the question of how
> to do that right.
>
That's part of what needs to be done. Once the keys are stored
somewhere, a decision then needs to be made on a per-message basis as
to whether or not to sign/encrypt, the keys need to be kept track of
in case they change, and probably more (I haven't committed the
Autocrypt specification to memory)
> > [1] Or should this go to a separate Autocrypt keyring?
>
> I never heard of Autocrypt before. What would be the reason for doing
> that?
It's a whole new method for automatically signing email. People might
not want emacs to start adding keys to their default keyring
automatically. In the only other similar case I know of, namely elpa
package signature checking, a separate keyring is created.
Robert