STEED - Usable end-to-end encryption

Harakiri harakiri_23 at yahoo.com
Wed Oct 19 20:07:45 CEST 2011


--- On Mon, 10/17/11, Werner Koch <wk at gnupg.org> wrote:

> From: Werner Koch <wk at gnupg.org>
> Subject: STEED - Usable end-to-end encryption
> To: gnupg-devel at gnupg.org
> Cc: "Marcus Brinkmann" <marcus at gnu.org>, gnupg-users at gnupg.org
> Date: Monday, October 17, 2011, 2:11 PM
> Hi!

> 
>   http://g10code.com/docs/steed-usable-e2ee.pdf
> 
> There is also a brief (for now) web page dedicated to this
> project:
> 
>   http://g10code.com/steed.html

Here is some input, you might not like it - but still:

I don't see any groundbreaking new approaches to the topic - key search via DNS has been in commercial products for over 10 years already - nothing new - heck, isn't there even an RFC that describes this?

Letting the keys automatically be generated by the client is not a new approach either; commercial solutions do this too - however - did you think of the keys the user already has? His ID, for example - you are sponsored by the German government - the first thing which should have come into your mind is that everybody can use his "Personalausweis" as a smartcard because it already has a private/public keypair. Other European countries could follow...

Also - inventing just ANOTHER protocol for email encryption that mail clients should implement? Heck, the only protocol available in all major mail clients right now for out-of-the-box encryption is only S/MIME - for PGP you need plugins - even after so many years there is no out-of-the-box solution for the other major standard - let's not talk about all the compatibility issues with S/MIME in all existing clients. And you just want to add another NEW standard which will solve issues? I don't think so.

Use existing tools most users have installed on their machines by default - work with these and get a suitable end-to-end encryption going!


