Autocrypt header field

Autocrypt header field

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

I just got an email with an Autocrypt header field.
Rmail doesn't know how to make use of that.
Would someone like to implement that, for Rmail and Gnus?
Or at least start by reporting what the contents mean,
what formats, etc?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Autocrypt header field

[Robert Pluim]

Richard Stallman <rms@gnu.org> writes:

> I just got an email with an Autocrypt header field.
> Rmail doesn't know how to make use of that.
> Would someone like to implement that, for Rmail and Gnus?
> Or at least start by reporting what the contents mean,
> what formats, etc?

It contains the public portion of the sender's PGP key, which would
allow you to sign/encrypt an eventual reply (which should of course
also contain an Autocrypt header).

What level of support were you thinking of? The Autocrypt
recommendations include a whole bunch of PGP key generation and setup
messaging that I'm not convinced are necessary. Snarfing the key from
the header and adding it to the user's keyring should be easy enough. [1]

Robert

Footnotes: 
[1]  Or should this go to a separate Autocrypt keyring?

Re: Autocrypt header field

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > What level of support were you thinking of? The Autocrypt
  > recommendations include a whole bunch of PGP key generation and setup
  > messaging that I'm not convinced are necessary.

We should consult an expert such as Werner Koch about that.

						    Snarfing the key from
  > the header and adding it to the user's keyring should be easy enough. [1]

I suppose that is the job to be done; you've raised the question of how
to do that right.

  > [1]  Or should this go to a separate Autocrypt keyring?

I never heard of Autocrypt before.  What would be the reason for doing
that?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.

Re: Autocrypt header field

[Robert Pluim]

Richard Stallman <rms@gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   > What level of support were you thinking of? The Autocrypt
>   > recommendations include a whole bunch of PGP key generation and setup
>   > messaging that I'm not convinced are necessary.
>
> We should consult an expert such as Werner Koch about that.

I was unclear: Autocrypt has a setup procedure that involves
generating a new PGP key specifically for use with it, and producing a
setup email message containing that key. Many users will probably
already have a PGP key that they would prefer to use instead,
obviating the need for such setup.

> 						    Snarfing the key from
>   > the header and adding it to the user's keyring should be easy enough. [1]
>
> I suppose that is the job to be done; you've raised the question of how
> to do that right.
>

That's part of what needs to be done. Once the keys are stored
somewhere, a decision then needs to be made on a per-message basis as
to whether or not to sign/encrypt, the keys need to be kept track of
in case they change, and probably more (I haven't committed the
Autocrypt specification to memory)

>   > [1]  Or should this go to a separate Autocrypt keyring?
>
> I never heard of Autocrypt before.  What would be the reason for doing
> that?

It's a whole new method for automatically signing email. People might
not want emacs to start adding keys to their default keyring
automatically. In the only other similar case I know of, namely elpa
package signature checking, a separate keyring is created.

Robert

Re: Autocrypt header field

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > It's a whole new method for automatically signing email. People might
  > not want emacs to start adding keys to their default keyring
  > automatically. In the only other similar case I know of, namely elpa
  > package signature checking, a separate keyring is created.

That seems like a plausible argument.

Would you like to implement support for Autocrypt
in the right way?

-- 
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
Skype: No way! See https://stallman.org/skype.html.