[messaging] Secure OpenPGP Key Pair Synchronization via IMAP (RFC)

Tom Ritter tom at ritter.vg
Wed Apr 15 21:11:07 PDT 2015


On 8 April 2015 at 07:37, Tankred Hase <tankred at whiteout.io> wrote:
> Hi there,
>
> we've updated our private key synchronization protocol. The new
> version was developed together with Cure53 and it's much simpler than
> the old protocol:
>
> https://blog.whiteout.io/2015/04/08/secure-pgp-key-sync-a-proposal-contd/
>
> The Enigmail developers have also expressed interest, so we would be
> open to standardizing it as an RFC if enough vendors back it.

This is cool.

 - Can you name it something else?  Like zzzzzzzzz_openpgp_keys? We're
going to have to scroll past this folder you know ;)

 - It seems slightly ambiguous to me, reading the spec, whether you
allow sync of multiple keys or just one.  It seems like multiple would
work, so long as they used the same backup codes.

 - It seems it would be possible (but complicated) to use a
pairing-like protocol to let two online devices pair using
something like a SAS, and it could still work through IMAP. (probably.
I don't know the refresh rate of IMAP.)

 - Have you considered letting users sync more than private keys?
What about my public keyring? (Including, for example local
signatures)

-tom

