Request for Discussion: new/PubKeyDistributionConcept/FallbackServer

[Bernhard Reiter]

Am Dienstag, 14. Juni 2016 14:25:20 schrieb Neal H. Walfield:
> Before I comment: what an MSP?  

MSP: mail service provider 

(I've just taken the abbreviation from the wiki page. 
It makes sense to read it first anyway.)

> What does "significantly add to `validity level' mean?

Getting a pubkey from a MSP operated WKD should add a medium amount
to the level of "how much do I believe that this pubkey belongs 
the owner of the email address that I am looking for".

Medium because it will have to be a lot more than the contribution I get from 
having communicated with pubkey A and user U once or a couple of time.
Only medium because other sources of validity will be necessary to detect
malicious behaviour, so they must be able to get over medium for these 
scenarios.

This mainly documents my mental model how a good and secure user experience
can be constructed in the future. I know that Werner's model is different.
We need a way to get this exposed and talked about.

Best,
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160614/9b4d8d7a/attachment.sig>