INBOME comments

Neal H. Walfield neal at
Wed Dec 14 13:26:51 CET 2016

On Tue, 06 Dec 2016 16:58:46 +0100,
Daniel Kahn Gillmor wrote:
> >  - In the group communication example, Alice sends a message to Bob
> >    and Carol at which point Bob and Carol learn about Alice's INBOME
> >    preferences.  Why doesn't Alice also include Bob and Carol's latest
> >    IMBOME header so that Bob and Carol can immediately learn about
> >    Carol and Bob's keys, respectively, without additional
> >    interactions?
> While i think something like that could be useful, we need to be
> extremely cautious about the consequences of allowing "drive-by" INBOME
> data.  The analogy in the DNS world is "cache poisoning".  If i can set,
> clear, or reset your INBOME data for someone else even if i don't have
> access to the communitions channel, what are the consequences for your
> future communications?

I'd like to add that I appreciate it when people send me keys or
fingerprints of others who are in cc.  It makes following up so much
easier.  If the keys were automatically imported and marked as having
been provided by a particular person, that would be even better.

More information about the Gnupg-devel mailing list