what's necessary before new OpenPGP keys are used?

Wiktor Kwapisiewicz wiktor at metacode.biz
Thu Dec 5 18:10:23 UTC 2019

Hi Kai,

On 05.12.2019 18:33, Kai Engert wrote:
> Further I suggest: As soon as Alice has opted in to use Bob's key for 
> encryption (with or without doing a full verification), then Alice's 
> Thunderbird will continue to use Bob's key for future outgoing encrypted 
> email, without further need to confirm.

That's a good idea. I hope "the same key" will mean the same primary key 
fingerprint and that updating other components (like subkeys) won't 
trigger the "key ambiguity" logic.

Additionally some WKD clients (such as GnuPG) automatically re-fetch 
keys via WKD when they expire. It would be nice to at least consider the 
case that the recipient key expired and that's nothing bad it just needs 
to be refreshed. (That's of course not the same as key being revoked).

> As part of the request to resolve the ambiguity, we could show 
> statistical information, like, that the previous key has already been 
> used 20 times for sending encrypted email to Bob, and the new key having 
> never been used yet.

This seems similar to GnuPG's "tofu" trust model:


(I'm posting this just for reference and cross-checking ideas, *not* 
suggesting to use GnuPG).

Kind regards,


More information about the tb-planning mailing list