Key Discovery Made Simple
Ingo Klöcker
kloecker at kde.org
Tue Aug 30 21:02:40 CEST 2016
On Tuesday 30 August 2016 14:12:15 Robert J. Hansen wrote:
> > A plain text copy is below. If you have comments, please send them as
> > reply.
> I hate to be the one to rain on this parade, but this seems like a mistake.
>
> > GnuPG 2.1 provides an simple but efficient solution to store a key
> > under a well known URL and lookup it up via https.
>
> Most of our users don't run their own domains, don't have full authority
> over the mail server, and don't have webservers that can deliver static
> pages over TLS. A solution that depends on this trifecta of capabilities
> should not be called "simple". Just getting TLS running on a webserver can
> be a frustrating ordeal.
>
> IMO, GnuPG development should be guided by a concern for regular users, not
> power users. I'd like it if we could aim new features at regular users.
The web key discovery _is_ aimed at regular users. Werner's message suggest
that KMail's development version does already support this new key discovery
protocol which makes key discovery for users of KMail much easier. Moreover,
apparently, KMail also supports publishing the user's key this way. I'm sure
enigmail will soon also support WKS. Devil's advocate: "Regular users don't
use Thunderbird+Enigmail, let alone KMail. Regular users either use webmail or
a corporate email client like Outlook. WKS is of no use for them."
Of course, setting up WKS for a domain is non-trivial and nothing regular
users will do. But, hopefully, some email providers of those regular users
will do it. I'm pretty sure that sane email providers like posteo.de, etc.
will implement it. Devil's advocate: "Regular users don't use email providers
that are not gratis. They use gmail, gmx, yahoo, etc. And corporate users use
the mail server of their corporation. WKS is of no use for them."
Then again "regular users" don't care for encryption at all. "Regular users"
use facebook and whatsapp and God knows what else. Ironically, users of
whatsapp get end-to-end encryption even though they don't care. As long as
email encryption is not as easy as with whatsapp and other chat apps that
sport end-to-end encryption without requiring any additional user interaction
whatsoever, email encryption will never be used by regular users.
(Incidentally, I'm currently reading Greenwald's No Place to Hide. The first
chapter clearly demonstrates that even regular users who know that they would
better use encryption will not take the necessary steps unless they do not
have to take any necessary steps in the first place.)
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160830/8066658c/attachment.sig>
More information about the Gnupg-users
mailing list