> That is handled by the underlying program you are using to encrypt > your mail, and so has nothng to do with this proposal directly - it's > implementation dependent. Out of scope.
I agree that this problem is out of scope, but it is very important nonetheless. Every time someone hits upon a bright idea to make encrypted communication easier to use they run up against the problem of improving key management. [RS> ] +1 Thank you for pointing that out. It's the one of the core problems usabiligy and implementation. "We have met the enemy and it is us." These schemes, however, only work if the user has access everywhere to their list of trusted keys. Essentially, the authenticity problem gets transformed into an availability problem, and the availability problem is perhaps even harder. Three different free software projects try to securely tackle the availability problem and could form the basis for an agnostic protocol for portable and secure data sync: (1) Firefox Sync https://www.mozilla.org/en-US/mobile/sync/ (2) SpiderOak's Crypton https://crypton.io/ (3) LEAP's Soledad https://leap.se/en/soledad All of these are overkill for the narrow problem of key management. Instead, they try to tackle the general question of secure data synchronization and backup. I think this is probably the proper approach. Our hope with the next version of Soledad is to add federation, so that two or more users on different providers could share a synchronized, searchable, client encrypted database. This could be useful for all kinds of things. -elijah _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
