[messaging] key validation rules for today

Daniel Thomas drt24+messaging at cam.ac.uk
Mon Sep 8 03:22:51 PDT 2014


On 08/09/14 07:50, elijah wrote:
> Unless otherwise specified, "key" in this text always means "public key".

One general observation, something which is particularly annoying with
existing OpenPGP email signing/encrypting is the assumption that there
is a 'key' rather than that there are 'keys'. So when Enigmail recently
changed its defaults to 'encrypt where possible' I ended up with a bunch
of emails encrypted under only one of my keys and so had to wait until I
was in a different location to read them[0].

I think for key validation it is important to ensure that it says 'keys'
in all the appropriate places as in general users will likely have one
key per device (so that they fail independently) and several devices.
Does that seem sensible? The interaction between that and key transition
is subtle. Is it useful to distinguish between 'this is a new key,
signed by my old key which is now deprecated' and 'this is a new key,
signed by my old key which will keep on being used'?

Daniel

[0]: Eventually I had to turn off 'encryption where possible' as it just
annoyed both me and my correspondents.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140908/747fae76/attachment.sig>


More information about the Messaging mailing list