Vincent Breitmoser wrote in <[email protected]>: | |> Especially if the key is shipped alongside the message already | |Are you sure that it is though? Seems to me you're giving out ill-informed |advice here.
Bad advice of mine yes, PGP does not do it the way S/MIME does it. Sorry, this was not truly intended, i am more used to CMS and S/MIME, it just came "naturally" out of me. Side-channel free, so to say ;} But you could send a signed message with the public key attached (as application/pgp-keys even?) to the person you want to henceforth communicate encrypted and/or signed. You need some kind of web of trust to make this fly, however. But it would make it clear that you have the private counterpart. I do stand to my opinion on the Autocrypt header beside that. I think the OpenPGP: header with a reference to safe transport for fetching possibilities is more kind and social, and safer, too. | - V --End of <[email protected]> --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
