[messaging] User key lookup and the Web PKI analogy

Tom Ritter tom at ritter.vg
Thu Aug 21 08:35:52 PDT 2014

On 21 August 2014 06:51, Alaric Snell-Pym <alaric at snell-pym.org.uk> wrote:
> On 19/08/14 23:18, elijah wrote:
>> I think there is certainly a place for both decentralized and
>> infrastructure approaches, and if we can actually get an infrastructure
>> approach that works reliably then people will start to see the usability
>> benefit.
> I think we need more infrastructure to support decentralized approaches,
> too :-)
> I have spoken before of a key most usefully mapping to a "reputation",
> but current systems provide little scope to manage that reputation for
> me. I would like it if OpenPGP kept track of what things it had seen
> signed with each random public key it encounters; if I want to contact
> you, and I find several keys claiming to be owned by "elijah" in my
> keyring and/or public key servers, I'd like to see which one has signed
> lots of messaging at moderncrypto.org posts in the past. Currently, there's
> no easy way of doing that.

I'm very nervous of any technology that runs in the background quietly
remembering metadata. I think people have in-built expectations around
activity on their computers (that aren't always held up).  For
example: someone comes home, closes all the programs, starts up Chrome
Incognito, browses some sites, then reboots.  They probably expect
that any temporary files left from that 'session' are gone.

BUT I don't see any reason I shouldn't be able to search my mailbox
for encrypted-to:0x1234567890 or signed-by: 0x1234567890 and get not
only a list of results, but a very nice graph of what timeframes those
results are from.


