https://bugs.kde.org/show_bug.cgi?id=209319
--- Comment #5 from Arne Babenhauserheide <[email protected]> ---
At Sat, 04 Jan 2014 10:42:20 +0000,
Hauke Laging wrote:
> In other words: If I get 100 emails from you then I get 100 copies of your
> certificate, making the search for emails with an attachment completely
> useless? Are you serious about that, do you want to get rid of your
> friends...?

This is a non-issue for me: I also sign all email I send (attaches a *.asc file), so another attachment does not affect the search for mails with attachments. The alternative is an inline signature - which might actually get some people to stop reading my mails.

It would be nice if most mail clients would show signatures differently than regular attachments, but for that to become a reality, more people need to sign their emails.

The only problem I see is the possibly large size of the keys with all their signatures.

> And you are aware that only the key owner should change public versions of his
> certificate? Maybe he doesn't want your certification to be seen on his key.
> Of course, you can avoid this problem with some above average crypto knowledge...

You could just encrypt the recipients' keys to the recipients automatically. Then they can decide whether they want to spread your signature. Note, though, that every signature is effectively public except if both participants already have crypto-knowledge.

The others' keys could be stripped, so they only contain my signature (reducing the size of those keys).

> > Along with the option to automatically import any attached GnuPG key, that
> > would open the possibility of using GnuPG without the need for central
> > keyservers: If I sign a key, its owner will automatically get the updated
> > version once he gets an email from me.
>
> Why not act like the rest of the world and send the certificate to the key
> owner immediately after creating it? 99% of the users don't care about this
> problem. The 1% can send you a mail and ask for the others' certificates.
Because that currently does not work. How many people actually use GnuPG?

I'd be happy to see another solution, though.

> The problem you mention does exist but has to be solved at another layer. This
> will probably be done by moving the responsibility for keyservers to the mail
> server owner (who knows that you send the mail anyway).

Will the mail servers I currently use support this? I fear that without legislative action, this will only increase the incompatibility problems - because the public does not know crypto.

What I wish for is a seamless GnuPG experience: Set up the key once, then maybe say "yes, I want to include this signature" from time to time and otherwise just get encrypted email wherever both participants have GnuPG - starting at least from the first *answer*.

An advantage here is that I am not dependent on the mail provider to supply the feature (there are far fewer mail clients than mail providers) and that there is no need for a public list of existing keys.

Best wishes,
Arne
