On Sun, Dec 4, 2016 at 12:14 PM, Ben Laurie <b...@links.org> wrote: > > On 3 December 2016 at 19:13, Trevor Perrin <tr...@trevp.net> wrote: > > > > If all you need is a signal telling the recipient to encrypt future messages > > with a public key fetched via WKD then the signal could be anything: For > > example, an email header "X-OpenPGP-WKD: True". No signature needed. > > I know nothing of WKD, but if your public key is not associated with > content I value, why would I trust some random server to give me a > correct key?
The idea seems to be that the sender looks up the recipient's public key from a "Web Key Directory" hosted at a well-known URL in the recipient's domain. The sender can authenticate the WKD via TLS, similar to how the recipient's MTA might be authenticated by the sender's MTA. The WKD doesn't provide end-to-end authentication, which could be done afterwards (checking fingerprints, signatures, TOFU, etc). But I think the goal is for the WKD to be reliable enough that senders can automatically encrypt to public keys from a WKD. If it achieves that (which is a separate question), then you don't need to put anything in your emails beyond an advertisement "I support WKD". They're also contemplating a "fallback" case where you lookup a public key from a less reliable source (PGP key servers), and in that case you might want to advertise in your emails "my public key has this fingerprint: <abc...>". But I don't think signed-only emails are needed for either of these cases. Trevor _______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
