what's necessary before new OpenPGP keys are used?
kaie at kuix.de
Thu Dec 5 17:33:35 UTC 2019
Changing subject, to make it clear this discussion is no longer about
On 05.12.19 17:53, Ben Bucksch wrote:
> Maybe I missed it. It seems implicit, but I haven't read it explicitly:
You haven't missed it. We haven't yet presented a a design for the user
interface and interaction.
> Will we use key for communications partners that send me plain text
> emails with a key, and I do not know a key for that person yet? Will
> encryption then happen automatically for my answer, and use that key
> from now now?
I suggest the user should be required to opt in whenever using a
correspondent's key for the first time.
Further I suggest: As soon as Alice has opted in to use Bob's key for
encryption (with or without doing a full verification), then Alice's
Thunderbird will continue to use Bob's key for future outgoing encrypted
email, without further need to confirm.
However, as soon as we detect an ambiguity, like, a new key for Bob has
either been received by email or discovered on some key publication
service, we should go back to a "needs review" state, in which Alice
should be presented with the ambiguity, and requested to resolve it.
As part of the request to resolve the ambiguity, we could show
statistical information, like, that the previous key has already been
used 20 times for sending encrypted email to Bob, and the new key having
never been used yet.
This is still brainstorming quality, and I intend to work with Alex to
work out an initial proposal, prior to presenting it.
More information about the tb-planning