FAQ: seeking consensus
Steffen Nurpmeso
steffen at sdaoden.eu
Mon Oct 21 18:09:08 CEST 2019
Vincent Breitmoser wrote in <2UJQOP6NMJE80.2FS52GC36TCEU at my.amazin.horse>:
|
|> Especially if the key is shipped alongside the message already
|
|Are you sure that it is though? Seems to me you're giving out ill-informed
|advice here.
Bad advice of mine yes, PGP does not do it the way S/MIME does it.
Sorry, this was not truly intended, i am more used to CMS and
S/MIME, it just came "naturally" out of me. Side-channel free, so
to say ;}
But you could send a signed message with the public key attached
(as application/pgp-keys even?) to the person you want to
henceforth communicate encrypted and/or signed. You need some
kind of web of trust to make this fly, however. But it would
make it clear that you have the private counterpart.
I do stand to my opinion on the Autocrypt header beside that.
I think the OpenPGP: header with a reference to safe transport for
fetching possibilities is more kind and social, and safer, too.
| - V
--End of <2UJQOP6NMJE80.2FS52GC36TCEU at my.amazin.horse>
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
More information about the Gnupg-users
mailing list