what's necessary before new OpenPGP keys are used?

Kai Engert kaie at kuix.de
Thu Dec 5 17:33:35 UTC 2019

Changing subject, to make it clear this discussion is no longer about 

On 05.12.19 17:53, Ben Bucksch wrote:
> Maybe I missed it. It seems implicit, but I haven't read it explicitly:

You haven't missed it. We haven't yet presented a a design for the user 
interface and interaction.

> Will we use key for communications partners that send me plain text 
> emails with a key, and I do not know a key for that person yet? Will 
> encryption then happen automatically for my answer, and use that key 
> from now now?

I suggest the user should be required to opt in whenever using a 
correspondent's key for the first time.

Further I suggest: As soon as Alice has opted in to use Bob's key for 
encryption (with or without doing a full verification), then Alice's 
Thunderbird will continue to use Bob's key for future outgoing encrypted 
email, without further need to confirm.

However, as soon as we detect an ambiguity, like, a new key for Bob has 
either been received by email or discovered on some key publication 
service, we should go back to a "needs review" state, in which Alice 
should be presented with the ambiguity, and requested to resolve it.

As part of the request to resolve the ambiguity, we could show 
statistical information, like, that the previous key has already been 
used 20 times for sending encrypted email to Bob, and the new key having 
never been used yet.

This is still brainstorming quality, and I intend to work with Alex to 
work out an initial proposal, prior to presenting it.


More information about the tb-planning mailing list