Frank wrote:
> * Provide a straightforward procedure to send another user your 
> public key (read: your self-signed X.509v3 certificate) so that 
> they can then send you encrypted email. 

I was just thinking the same thing: it sends a somewhat-preformatted
message, which the other mailer can recognize and handle specially.  

Perhaps the message could prominently feature the fingerprint, and the
receiving mailer would invite the user to either validate the
fingerprint, or decide if the "additional text" is enough to trust the
message.

Ben wrote:
> An alternate (non-exclusive) approach would be to have some kind of 
> "key servers", similar to the PGP ones. We could use the LDAP server 

But then you have to trust the key servers, and we're back where we
started.

(I do like finding certs by ldap, mind you.  One of the models I had in
mind when doing the cryptoki database stuff was that a locally-installed
cert would be used to validate an ldaps connection over which further
certs and trust data were fetched.)

> Problem: What should be done, when no cert can be found? Should the 
> user send unencrypted then? SaveAsDraft, ask recipient for cert 
> manually, then resend?

If we go down the path of specially-recognized messages, we could also
have a "button" to generate a cert request message: pre-filled, and the
user can add additional text.  The receiving mailer would show the mail
as a form, "so-and-so is asking for your public key, send it?" with the
additional text.  (And if they don't have a key yet, invite them to
generate one.)  Yeah, it's icing, but it might make it easier to get the
stuff used.  (Really sweet icing would be that when the reply comes
back, the pending mail (either in Drafts, or the open window) visibly
changes to indicate "you can send it now.")

Oh, and we should have an easy way of attaching someone else's key to a
message, so people can introduce others.  The receiving side starts
building up its chains of trust.

> But a dialog has to be answered immediately.

I agree that popups are intrusive.  I like the question mark on the
icon.  What's the current thinking on popups with "don't show this
again" buttons?  If they're still okay, we could have one of those
saying to click on the question mark.  And certainly the form under the
question mark should have a "defer" option, specifically for out-of-band
verification.

Michael wrote:
> X.509 certificates expire (usually after a year).

This reminds me: some form of auto cert renewal should work for this,
too.

-- 
Frederick.  Note: I'm roeber at didyma dot org, not org dot didyma.

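The "somewhat-preformatted message" Frederick sketches above (a marker the receiving mailer recognizes, the fingerprint featured prominently, the recipient invited to validate it or defer) can be made concrete in a few dozen lines. The following is an added example, not code from this thread or from the mailer being discussed. It assumes a hypothetical marker header (X-Cert-Offer), SHA-256 as the fingerprint algorithm, and application/pkix-cert (RFC 2585) as the attachment type for the DER certificate; the certificate bytes in the demo are a constructed placeholder, not a real X.509 structure. The security point it carries is that the receiving side recomputes the fingerprint over the bytes it actually received and compares that against what the user obtained out of band; the fingerprint printed in the body is display text only.

```python
"""Added example: a mailer-recognisable "here is my public key" message.

Assumptions (not from the thread): the X-Cert-Offer marker header, SHA-256 as
the fingerprint algorithm, application/pkix-cert (RFC 2585) for the attached
DER certificate.  The certificate bytes used below are a constructed
placeholder, not a real X.509 structure.
"""
import hashlib
import hmac
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

CERT_OFFER_HEADER = "X-Cert-Offer"      # hypothetical marker header
FP_LABEL = "Fingerprint (SHA-256):"


def fingerprint(cert_der: bytes) -> str:
    """Colon-separated uppercase SHA-256 over the DER certificate bytes."""
    hexdigest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def normalize_fp(text: str) -> str:
    """Accept what a human types or reads off the phone: any case,
    colons and spaces optional."""
    return re.sub(r"[^0-9A-F]", "", text.upper())


def build_cert_offer(sender, recipient, cert_der, note=""):
    """Sending side: preformatted message, fingerprint shown prominently,
    the user's own 'additional text' appended, certificate attached."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "My public key"
    msg[CERT_OFFER_HEADER] = "1"
    body = f"{FP_LABEL} {fingerprint(cert_der)}\n"
    if note:
        body += f"\n{note}\n"
    msg.set_content(body)
    msg.add_attachment(cert_der, maintype="application", subtype="pkix-cert",
                       filename="cert.cer")
    return msg.as_bytes()


def receive_cert_offer(raw, out_of_band_fp=None):
    """Receiving side.  Returns a dict describing what the mailer should show.

    The fingerprint is recomputed over the attached bytes.  The one printed in
    the body is display text; it is checked for consistency but never treated
    as proof of anything.  With no out-of-band value the result is 'deferred',
    i.e. keep the question mark on the icon and let the user come back later.
    """
    msg = message_from_bytes(raw, policy=default)
    if msg[CERT_OFFER_HEADER] != "1":
        return {"status": "not-a-cert-offer"}

    cert_der = None
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/pkix-cert":
            cert_der = part.get_payload(decode=True)
            break
    if not cert_der:
        return {"status": "malformed"}

    computed = fingerprint(cert_der)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    shown = re.search(re.escape(FP_LABEL) + r"\s*([0-9A-Fa-f:]+)", body)
    displayed_matches = bool(
        shown and normalize_fp(shown.group(1)) == normalize_fp(computed))

    result = {"fingerprint": computed, "displayed_matches": displayed_matches,
              "cert": cert_der}
    if out_of_band_fp is None:
        result["status"] = "deferred"
        return result
    # constant-time compare of the value the user typed in against the
    # fingerprint of the bytes that actually arrived
    ok = hmac.compare_digest(normalize_fp(out_of_band_fp), normalize_fp(computed))
    result["status"] = "verified" if ok else "mismatch"
    return result


if __name__ == "__main__":
    fake_der = b"\x30\x82\x01\x00placeholder-not-a-real-certificate"  # constructed
    raw = build_cert_offer("alice@example.org", "bob@example.org", fake_der,
                           note="This is the key I mentioned on the phone.")
    print(receive_cert_offer(raw)["status"])                      # deferred
    typed = fingerprint(fake_der).lower().replace(":", " ")       # as read aloud
    print(receive_cert_offer(raw, typed)["status"])               # verified
```

The "introduce others" idea from the same message fits the same shape: a second application/pkix-cert part carries the third party's certificate, and the receiver runs the same recompute-and-compare over each attached certificate rather than trusting any fingerprint text in the body.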