STEED - Usable end-to-end encryption

kwadronaut kwadronaut at autistici.org
Wed Mar 7 12:14:36 CET 2012


On Mon, 17 Oct 2011 20:11:29 +0200, Werner Koch wrote:
> of the whole system.  We prepared a short paper; if you are interested

Some suggestions and questions; some are applicable to the paper while 
others might be more suited for a FAQ section on the website:

* More pictures.

* You're suggesting 'to allow easy integration with the MUA it may be 
better to move the contact database into GnuPG proper.' I first read that 
as duplicating functionality of, for example, existing Directory Servers. 
Is that correct? If it isn't, maybe that paragraph could be clarified.

* Address the concerns some have about DNSSEC (see Micah Anderson's mail 
from Fri 28 Oct 2011). Those concerns are mostly valid for TUFC if you 
don't rely on more traditional mechanisms like the WOT.

* Address the size concerns some (many?) have about publishing key 
material in DNS. I know about EDNS0 and TCP, but there's a myriad of 
firewalls and DNS-servers not being able to properly deal with that. IPv6 
deployment is luckily (bit by bit) making more DNS-servers accessible to 
answers that are >512 bytes, but it's still a challenge. 

* In the conventions section you're listing GPGME as 'GnuPG Made Easy An 
application library used to access the feature of GnuPG.' I'd write 
features, in plural, don't be too modest ;-)

* When suggesting DNS, IPGP records seem to make most sense to me, given 
the problems a lot of DNS-servers have with size. PKA and IPGP both 
require some other place to actually store the key. How do you picture 
solving that? Does anyone have other suggestions or feedback on this?

Maybe this list has more ideas on incentives for e-mail providers for 
this?

kwadronaut
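
Added example, not part of the original message or of the STEED paper: a size check for the 512-byte concern raised above, comparing a CERT record that carries a whole OpenPGP key with an IPGP record that carries only a fingerprint and a URL. The CERT RDATA layout follows RFC 4398; the owner name, fingerprint, URL and the 1200-byte key size are constructed sample values.

```python
import struct

CERT_TYPE_PGP = 3         # RFC 4398: the OpenPGP key itself is in the record
CERT_TYPE_IPGP = 6        # RFC 4398: fingerprint plus URL where the key lives
CLASSIC_UDP_LIMIT = 512   # largest DNS message over UDP without EDNS0

def encode_name(name):
    """Encode a domain name in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def cert_rdata(cert_type, payload):
    """CERT RDATA: type (2), key tag (2), algorithm (1), then certificate data."""
    rdata = struct.pack("!HHB", cert_type, 0, 0) + payload  # tag/algorithm left 0
    if len(rdata) > 0xFFFF:
        raise ValueError("RDATA does not fit in one record")
    return rdata

def ipgp_payload(fingerprint, url):
    """IPGP data: one-octet fingerprint length, the fingerprint, then the URL."""
    if len(fingerprint) > 255:
        raise ValueError("fingerprint too long")
    return bytes([len(fingerprint)]) + fingerprint + url.encode("ascii")

def response_size(owner, rdata):
    """Size of a reply with one answer: header, question, answer RR.
    Assumes the answer's owner name is compressed to a 2-byte pointer."""
    question = len(encode_name(owner)) + 4   # QTYPE + QCLASS
    answer = 2 + 10 + len(rdata)             # pointer + type/class/TTL/RDLENGTH
    return 12 + question + answer

def fits_classic_udp(owner, rdata):
    return response_size(owner, rdata) <= CLASSIC_UDP_LIMIT

# Constructed sample values (assumptions, not taken from the thread).
SAMPLE_OWNER = "alice.example.org"
SAMPLE_FPR = bytes(20)                        # placeholder 20-byte v4 fingerprint
SAMPLE_URL = "https://keys.example.org/alice.asc"
SAMPLE_KEY = bytes(1200)                      # assumed size of an exported key

IPGP_RDATA = cert_rdata(CERT_TYPE_IPGP, ipgp_payload(SAMPLE_FPR, SAMPLE_URL))
PGP_RDATA = cert_rdata(CERT_TYPE_PGP, SAMPLE_KEY)

if __name__ == "__main__":
    for label, rdata in (("IPGP", IPGP_RDATA), ("PGP", PGP_RDATA)):
        size = response_size(SAMPLE_OWNER, rdata)
        print(label, size, "bytes; fits in 512:", fits_classic_udp(SAMPLE_OWNER, rdata))
```

With these sample values the IPGP reply stays well under 512 bytes, while the reply carrying the full key needs EDNS0 or TCP.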



