[messaging] Secure OpenPGP Key Pair Synchronization via IMAP (RFC)

Tankred Hase tankred at whiteout.io
Thu Apr 16 10:23:59 PDT 2015


Hi Tom,

>  - Can you name it something else?  Like zzzzzzzzz_openpgp_keys? We're
> going to have to scroll past this folder you know ;)

Haha :) openpgp_keys is just recommended by the spec. It could be
called something else, but that can of course cause compatibility
problems between different user agents.

>  - It seems slightly ambiguous to me, reading the spec, whether you
> allow sync of multiple keys or just one.  It seems like multiple would
> work, so long as they used the same backup codes.

Multiple keys work just fine. E.g. if a whiteout user revokes their
key and generates a new one there will be two key files in the folder.
The key files will just have different subjects with their respective
key id.

>  - It seems it would be possible (but complicated) to use a
> pairing-like protocol to let two online devices to pair using
> something like a SAS, and it could still work through IMAP. (probably.
> I don't know the refresh rate of IMAP.)
>
>  - Have you considered letting users sync more than private keys?
> What about my public keyring? (Including, for example local
> signatures)

Yes. We've considered syncing manually imported public keys as well.
But since our client fetches most keys automatically anyway this
feature is not of high priority right now
(https://blog.whiteout.io/2015/02/06/making-pgp-key-management-invisible-so-johnny-can-encrypt/).

Tankred

-- 
Whiteout Networks GmbH c/o Werk1
Grafinger Str. 6
D-81671 München
Geschäftsführer: Oliver Gajek
RG München HRB 204479


More information about the Messaging mailing list