[messaging] On Signed-Only Mails

Trevor Perrin trevp at trevp.net
Sun Dec 4 15:47:15 PST 2016


On Sun, Dec 4, 2016 at 12:14 PM, Ben Laurie <ben at links.org> wrote:
>
> On 3 December 2016 at 19:13, Trevor Perrin <trevp at trevp.net> wrote:
> >
> > If all you need is a signal telling the recipient to encrypt future messages
> > with a public key fetched via WKD then the signal could be anything:  For
> > example, an email header "X-OpenPGP-WKD: True".  No signature needed.
>
> I know nothing of WKD, but if your public key is not associated with
> content I value, why would I trust some random server to give me a
> correct key?

The idea seems to be that the sender looks up the recipient's public
key from a "Web Key Directory" hosted at a well-known URL in the
recipient's domain.

The sender can authenticate the WKD via TLS, similar to how the
recipient's MTA might be authenticated by the sender's MTA.

The WKD doesn't provide end-to-end authentication, which could be done
afterwards (checking fingerprints, signatures, TOFU, etc).  But I
think the goal is for the WKD to be reliable enough that senders can
automatically encrypt to public keys from a WKD.

If it achieves that (which is a separate question), then you don't
need to put anything in your emails beyond an advertisement "I support
WKD".

They're also contemplating a "fallback" case where you lookup a public
key from a less reliable source (PGP key servers), and in that case
you might want to advertise in your emails "my public key has this
fingerprint: <abc...>".

But I don't think signed-only emails are needed for either of these cases.

Trevor


More information about the Messaging mailing list