Key Discovery Made Simple

Ingo Klöcker kloecker at
Tue Aug 30 21:02:40 CEST 2016

On Tuesday 30 August 2016 14:12:15 Robert J. Hansen wrote:
> > A plain text copy is below.  If you have comments, please send them as
> > reply.
> I hate to be the one to rain on this parade, but this seems like a mistake.
> >   GnuPG 2.1 provides a simple but efficient solution to store a key
> >   under a well known URL and look it up via https.
> Most of our users don't run their own domains, don't have full authority
> over the mail server, and don't have webservers that can deliver static
> pages over TLS.  A solution that depends on this trifecta of capabilities
> should not be called "simple".  Just getting TLS running on a webserver can
> be a frustrating ordeal.
> IMO, GnuPG development should be guided by a concern for regular users, not
> power users.  I'd like it if we could aim new features at regular users.

The web key discovery _is_ aimed at regular users. Werner's message suggests
that KMail's development version does already support this new key discovery 
protocol which makes key discovery for users of KMail much easier. Moreover, 
apparently, KMail also supports publishing the user's key this way. I'm sure 
Enigmail will soon also support WKS. Devil's advocate: "Regular users don't
use Thunderbird+Enigmail, let alone KMail. Regular users either use webmail or 
a corporate email client like Outlook. WKS is of no use for them."

Of course, setting up WKS for a domain is non-trivial and nothing regular 
users will do. But, hopefully, some email providers of those regular users 
will do it. I'm pretty sure that sane email providers like, etc. 
will implement it. Devil's advocate: "Regular users don't use email providers 
that are not gratis. They use Gmail, GMX, Yahoo, etc. And corporate users use
the mail server of their corporation. WKS is of no use for them."

Then again "regular users" don't care for encryption at all. "Regular users" 
use Facebook and WhatsApp and God knows what else. Ironically, users of
WhatsApp get end-to-end encryption even though they don't care. As long as
email encryption is not as easy as with WhatsApp and other chat apps that
sport end-to-end encryption without requiring any additional user interaction 
whatsoever, email encryption will never be used by regular users. 
(Incidentally, I'm currently reading Greenwald's No Place to Hide. The first 
chapter clearly demonstrates that even regular users who know that they would 
better use encryption will not take the necessary steps unless they do not 
have to take any necessary steps in the first place.)
