[messaging] TOFU to ease PGP key discovery

Mike Hearn mike at plan99.net
Tue Feb 10 03:30:56 PST 2015

> (2) We need a new protocol that allows a sender to advertise to the
> recipient what their key is and that they prefer encrypted email. The
> email signature is a good signal, but not ideal because there is no real
> binding between the fingerprint on the signature and the email address

I hate to sound like a broken record, but if you decided not to encrypt all mails by default but rather trigger it off a signed message... then you have the S/MIME model and your above problem only exists due to the insistence on using PGP.

Otherwise, the signature contains the certificate which contains a cryptographic binding between email address and key.

What's more - existing mail clients already have the behaviour you're asking for! There is no work to do!

If you want to try it out, grab a free cert here <https://www.comodo.com/home/email-security/free-email-certificate.php> and send me a mail signed with it. I'll reply back with a signed+encrypted message. If your mail client can see this email then you should be able to send me an encrypted mail immediately, assuming the list manager doesn’t scramble the MIME.

> A universal system of key validation would obviate the need for this, but
> until we all agree on a single standard...

There is a standard for all the things you are asking for. It is specified by the IETF. It has protocols for verified key transitions and more. It's widely deployed and implemented. It's just not PGP.
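
Added example, not part of the original message: the S/MIME flow the post describes (signed mail carries the certificate, the recipient harvests it and can encrypt the reply), reproduced with the OpenSSL command line. It assumes OpenSSL 1.1.1 or later; the address, names and file names are constructed, and a self-signed certificate stands in for a CA-issued one.

```shell
#!/bin/sh
# Added demo; address, names and file names are constructed for illustration.
# Prints "<address bound in harvested cert>|<decrypted reply>".
smime_roundtrip() {
  d=$(mktemp -d) || return 1
  addr="alice@example.org"   # constructed sender address

  # 1. Sender's key plus a certificate binding addr to it. Self-signed here;
  #    in the model the post describes, a CA issues and vouches for it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Alice" \
    -addext "subjectAltName=email:$addr" \
    -keyout "$d/alice.key" -out "$d/alice.crt" 2>/dev/null || return 1

  # 2. Sender signs a mail; the certificate travels inside the signature.
  printf 'hello\n' > "$d/msg.txt"
  openssl smime -sign -in "$d/msg.txt" -signer "$d/alice.crt" \
    -inkey "$d/alice.key" -out "$d/signed.eml" 2>/dev/null || return 1

  # 3. Recipient verifies the signature against its trust anchor and
  #    saves the signer certificate carried in the message.
  openssl smime -verify -in "$d/signed.eml" -CAfile "$d/alice.crt" \
    -signer "$d/harvested.crt" -out /dev/null 2>/dev/null || return 1

  # 4. The address-to-key binding is read from the certificate itself.
  bound=$(openssl x509 -in "$d/harvested.crt" -noout -email) || return 1

  # 5. Recipient encrypts a reply to the harvested certificate.
  printf 'secret reply\n' > "$d/reply.txt"
  openssl smime -encrypt -aes256 -in "$d/reply.txt" -out "$d/reply.eml" \
    "$d/harvested.crt" 2>/dev/null || return 1

  # 6. Only the sender's private key opens it (CRs from MIME
  #    canonicalisation are stripped before comparing).
  plain=$(openssl smime -decrypt -in "$d/reply.eml" -recip "$d/alice.crt" \
    -inkey "$d/alice.key" 2>/dev/null | tr -d '\r') || return 1

  rm -rf "$d"
  printf '%s|%s\n' "$bound" "$plain"
}

smime_roundtrip
```

Because the certificate here is self-signed and used as its own trust anchor, step 3 proves only that the message was signed by the key in the certificate; the identity assurance comes from the issuing CA in a real deployment.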
