[messaging] Advertising public key in email (was: TOFU to ease PGP key discovery)

Tom Ritter tom at ritter.vg
Wed Feb 11 03:17:15 PST 2015


On 11 February 2015 at 04:46, Mike Hearn <mike at plan99.net> wrote:
> You shouldn't be able to send a mail that's encrypted but not signed, that
> makes little sense.

Do you say that from a political sense or from a technical sense of
the S/MIME spec?  I regularly don't sign my emails for a host of
reasons even though I encrypt them.

A mail header certainly has the issue of a privacy-preserving way of
fetching it, but I find key attachments to be ugly and confusing to
non-users.  I feel like there must be some way in the MIME world to
stash a key somewhere that's hidden from clients but accessible to the
machine.

-tom


More information about the Messaging mailing list