WKD: conveying intent of encrypt-by-default?

Daniel Bossert bosdan at protonmail.com
Fri Oct 14 07:47:07 CEST 2022


> Getting clients to respect this setting if published in WKD (or that the
> lack of it means "do not encrypt by default") is an entirely different
> subject, of course.  And i know you said "no Protonmail rants" so i
> won't call them out specifically here, but MUA developers generally
> really do need to take the ecosystem effects of their choices seriously.
> Any MUA that promiscuously encrypts *by default* to someone who has not
> clearly indicated that they are comfortable with every inbound message
> being encrypted is inviting that user to see encrypted e-mail as a
> hindrance and an annoyance.  That's not a great way to spread the
> capability of people actually being able to use encrypted mail when it
> matters, or to help people through a process of gradual adoption.

Yes, I use protonmail, beside others. I opened an testaccount with
mailbox.org, which offers you to encrypt all incoming messages with your
public key if you specify it in the settings with their
no-reply at mailbox.org private key.

I have also tutanota, as it offers easily to send encrypted emails
through an agreed password.
Still searching the best way to go where I have all sent emails
encrypted locally as well even they the mail to the receiver can't be

At which point are you willing to compromise? If course it is not ideal
if proton has even the private key even without entering a passphrase
for it. But they do it with the intention to get more encrypted mails on
the transport.

Oh dear I should meet you guys and discuss in person. Many questions
around, I certainly do not best-practice but take it more and more
easier this topic.

If I allow mailbox.org to encrypt all my messages then i do so
intentionally. protonmails are encrypted too, but I always see them
cleartext as the pgp-stuff as handled in the background unknowingly to
the user.

> We have to have a sensible means of key discovery for exchanging
> encrypted mail _when the situation warrants it_, such as distributing
> sensitive data or receiving security reports.  This is not about
> signing.  This is about using encrypted content being a PITA for most
> people.

Thunderbird has an autodiscovery feature to search for public keys.

> It is not hyperbole to say that this one issue has done more to drive
> and professional service operators".  TLS for SMTP is not end-to-end,
> but it turns out to be "good enough" for most daily usage, particularly
> within a domain or with a few business partners.

I just had cryptography in my bachelor and the teacher said the way to
go is not TLS between servers as the mails still could be read. And that
it's likely not gonna be implemented. Yes, right in the sense as the
mail still can be read on the mailserver, but it would still help so
they can't just get read. But first the servers should shut down
TLS1.0/1.1; still too many with that protocol around.

My two cents..

More information about the Gnupg-users mailing list