Open
Bug 1595233
Opened 5 years ago
Updated 2 years ago
[OpenPGP tracker] Retrieval mechanisms for public keys and revocations
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(Not tracked)
NEW
People
(Reporter: KaiE, Unassigned)
References
Details
(Keywords: meta)
No description provided.
Comment 1•5 years ago
We have:
- attachments of files to outgoing e-mails.
  This is privacy preserving and doesn't need a central place to work. Some people might be confused about the attached keys if their mail client doesn't hide it from them. You don't want to hide encrypted attachments though.
- DANE/PGPKEY (and SMIMEA) records, requires DNSSEC support and support from the receiver's mail provider.
- WKD (Web Key Directory), also under the authority of the mail provider domain, just a different protocol and a well-known directory this time.
- classic PGP keyservers. Leaks the intended recipient of your mail, and you might suffer from DoS and outdated keys depending on the keyserver.
- Autocrypt, creates a stripped version of your key and puts it into the mail headers.
I think we should go with the first option by default and allow the users to opt into the others if needed.
This ensures compatibility with existing solutions for encrypted mails while maintaining the user's privacy and being independent of provider support.
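For the two provider-hosted mechanisms listed in Comment 1 (DANE and WKD), the sketch below derives where a client would look for a recipient's key, which shows that both lookups go to the recipient's own mail domain rather than to a third-party keyserver. It is an added example, not part of the bug discussion or Thunderbird's code; it follows the WKD Internet-Draft and RFC 7929 (OPENPGPKEY), and the address used is a sample value.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by WKD


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32 (5 bits per character, MSB first)."""
    bits = len(data) * 8
    pad = (-bits) % 5                      # right-pad to a multiple of 5 bits
    n = int.from_bytes(data, "big") << pad
    total = (bits + pad) // 5
    return "".join(ZBASE32[(n >> (5 * (total - 1 - i))) & 31] for i in range(total))


def split_address(addr: str):
    """Split an addr-spec into (local part as given, lowercased domain)."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {addr!r}")
    return local, domain.lower()


def wkd_urls(addr: str):
    """Return (advanced, direct) WKD lookup URLs for an address."""
    local, domain = split_address(addr)
    # WKD lowercases ASCII letters only, then hashes the local part with SHA-1.
    folded = "".join(c.lower() if c.isascii() else c for c in local)
    hu = zbase32(hashlib.sha1(folded.encode("utf-8")).digest())
    l_param = quote(local, safe="")        # unchanged local part, percent-encoded
    advanced = (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                f"{domain}/hu/{hu}?l={l_param}")
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{hu}?l={l_param}"
    return advanced, direct


def dane_owner_name(addr: str) -> str:
    """Return the DNS owner name of the OPENPGPKEY record (RFC 7929)."""
    local, domain = split_address(addr)
    # SHA-256 of the local part, truncated to 28 octets, hex encoded.
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}"


if __name__ == "__main__":
    sample = "Joe.Doe@Example.ORG"          # sample address, not a real user
    for url in wkd_urls(sample):
        print("WKD :", url)
    print("DANE:", dane_owner_name(sample))
```

A client must still validate the DNSSEC chain for the DANE answer and the TLS certificate for the WKD request before using a key obtained this way.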
Reporter
Comment 3•5 years ago
Importing of a public key that is attached to a received email is working (without trust assignment yet).
According to bug 1631198, manual import of an Autocrypt public key (from a received mail header) should work.
Updated•2 years ago
Severity: normal → S3