WKD: conveying intent of encrypt-by-default?

Phil Pennock gnupg-users at spodhuis.org
Thu Oct 13 23:50:33 CEST 2022


On 2022-10-04 at 20:00 -0400, Daniel Kahn Gillmor wrote:
> Autocrypt's focus is ubiquitous deployment of keying material (in the
> form of OpenPGP certificates) so that people *can* encrypt when sending
> mail.  We found that one of the big risks is that a peer might
> *automatically* encrypt when a cert is available, which becomes
> burdensome for a user who does not have the ability to easily decrypt
> messages.  We don't want burdened users to stop distributing their cert
> entirely because of this annoyance or frustration.

This.

> Getting clients to respect this setting if published in WKD (or that the
> lack of it means "do not encrypt by default") is an entirely different
> subject, of course.  And i know you said "no Protonmail rants" so i
> won't call them out specifically here, but MUA developers generally
> really do need to take the ecosystem effects of their choices seriously.
> Any MUA that promiscuously encrypts *by default* to someone who has not
> clearly indicated that they are comfortable with every inbound message
> being encrypted is inviting that user to see encrypted e-mail as a
> hindrance and an annoyance.  That's not a great way to spread the
> capability of people actually being able to use encrypted mail when it
> matters, or to help people through a process of gradual adoption.

Exactly this.  We need encryption _available_, but culturally
"encrypt-by-default" is not going to fly.

Almost all email usage locally is Gmail, with the browser app or the
official Gmail mobile apps.  That is not going to change.

We have to have a sensible means of key discovery for exchanging
encrypted mail _when the situation warrants it_, such as distributing
sensitive data or receiving security reports.  This is not about
signing.  This is about using encrypted content being a PITA for most
people.

The clients encrypting all mail by default are killing the use of
OpenPGP and MIME-integrated PGP-encrypted email locally.  It's another
hammer in the coffin-lid of PGP's reputation as a reasonable technical
solution for the problem spaces we care about.

It is not hyperbole to say that this one issue has done more to drive
the use of "age" encryption (with copy/paste into and out of emails as
intact ASCII-armored blobs) than anything else.  And age armored
ciphertext pasted into Slack.  It might seem clunky, but it works
reliably and it aligns with cultural expectation of "only use this for
things which really need the protection, otherwise just rely upon TLS
and professional service operators".  TLS for SMTP is not end-to-end,
but it turns out to be "good enough" for most daily usage, particularly
within a domain or with a few business partners.

-Phil


