FAQ: seeking consensus

Steffen Nurpmeso steffen at sdaoden.eu
Mon Oct 21 18:09:08 CEST 2019


Vincent Breitmoser wrote in <2UJQOP6NMJE80.2FS52GC36TCEU at my.amazin.horse>:
 |
 |> Especially if the key is shipped alongside the message already
 |
 |Are you sure that it is though? Seems to me you're giving out ill-informed
 |advice here.

Bad advice of mine yes, PGP does not do it the way S/MIME does it.
Sorry, this was not truly intended, I am more used to CMS and
S/MIME, it just came "naturally" out of me.  Side-channel free, so
to say ;}

But you could send a signed message with the public key attached
(as application/pgp-keys even?) to the person you want to
henceforth communicate encrypted and/or signed.  You need some
kind of web of trust to make this fly, however.  But it would
make it clear that you have the private counterpart.

I do stand by my opinion on the Autocrypt header beside that.
I think the OpenPGP: header with a reference to safe transport for
fetching possibilities is more kind and social, and safer, too.

 | - V
 --End of <2UJQOP6NMJE80.2FS52GC36TCEU at my.amazin.horse>

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)



More information about the Gnupg-users mailing list