Re: [openpgp] OpenPGP private certification

On Wed,  8 Apr 2015 15:05, phill@xxxxxxxxxxxxxxx said:

> My point here is that if we want to get a billion people using
> encrypted mail then it has to offer iPhone class usability, not OK for
> 1990s usability.

If that is the goal you only need to care about 140 character messages
or other useless status messages ;-).

Actually I prefer 1990s use of mail instead of today's 50% of mails are
going through Compuserve^WGmail.  But yeah, I am on a lost position with

> There are plenty of ways that the scheme could be fixed. Since key
> server enrollment can be made automatic, it would be pretty easy to
> renew the enrollment once every n months and discard keys that have

It is about mail.  Mail addresses are defined by the DNS.  Bind the keys
to the DNS and you are done.  This needs support from the mail
providers, though.

I doubt that we will be able to deploy a large, encrypted, anonymous,
and decentralized mail network unless we can build upon a transport
layer to solve the basic problems of today's Internet.  For now we need
the help of some central services to get things going.

> Having the key servers continue to regurgitate false or stale data
> forever because there is no way to stop them does not seem like an
> acceptable plan to me.

Think of signature verification.  It should work even after a mail/key
association has been dissolved, for example after a provider change.  I
agree that this is only a problem for a smaller group but this is
something a keyserver network can be useful even after the migration of
the public key store from keyserver to more controlled service (DNS,
Web, whatever).  Deleting keys from the keyservers is thus not going to



