INBOME comments

[Neal H. Walfield]

Hi!

Unfortunately, it looks like I won't be able to attend the AME
workshop.  Nevertheless, I'd like to share my comments on the INBOME
draft [1].

 - Is there a reason to not build on the "The OpenPGP mail and news
   header field" specification and instead invent a new header [2]?
   (This specification doesn't support transferring the actual keys in
   the headers.  Instead, a key identifier is specified and a URI
   pointing to the key can be provided.)

 - I'm not sure that transferring keys in mail headers is a great
   idea.  For instance, gpg's minimal version of my key is 4.8KB.
   This is the binary version, i.e., it hasn't been ASCII encoded.

   $ gpg --export-options export-minimal --export 0xAACB3243630052D9 | wc -c
   4811

   Do you not view this as a problem?

 - In the group communication example, Alice sends a message to Bob
   and Carol at which point Bob and Carol learn about Alice's INBOME
   preferences.  Why doesn't Alice also include Bob and Carol's latest
   IMBOME header so that Bob and Carol can immediately learn about
   Carol and Bob's keys, respectively, without additional
   interactions?

 - When I described INBOME to Werner, he noted that adoption by mail
   providers will probably be harder than convincing them to adopt
   WKS.  I was initially confused by his statement, because INBOME
   only requires that the MUAs be modified.  He then pointed out that
   most users use webmail.  I'd be interested to hear about how you
   plan to get INBOME widely adopted.

Thanks!

:) Neal

[1] https://inbome.readthedocs.io/en/latest/
[2] https://josefsson.org/openpgp-header/