[messaging] Advertising public key in email (was: TOFU to ease PGP key discovery)
Tom Ritter
tom at ritter.vg
Wed Feb 11 03:17:15 PST 2015
On 11 February 2015 at 04:46, Mike Hearn <mike at plan99.net> wrote:
> You shouldn't be able to send a mail that's encrypted but not signed, that
> makes little sense.
Do you say that from a political sense or from a technical sense of
the S/MIME spec? I regularly don't sign my emails for a host of
reasons even though I encrypt them.
A mail header certainly has the issue of a privacy-preserving way of
fetching it, but I find key attachments to be ugly and confusing to
non-users. I feel like there must be some way in the MIME world to
stash a key somewhere that's hidden from clients but accessible to the
machine.
-tom
More information about the Messaging
mailing list