On 2022-10-04 at 20:00 -0400, Daniel Kahn Gillmor wrote: > Autocrypt's focus is ubiquitous deployment of keying material (in the > form of OpenPGP certificates) so that people *can* encrypt when sending > mail. We found that one of the big risks is that a peer might > *automatically* encrypt when a cert is available, which becomes > burdensome for a user who does not have the ability to easily decrypt > messages. We don't want burdened users to stop distributing their cert > entirely because of this annoyance or frustration.
This. > Getting clients to respect this setting if published in WKD (or that the > lack of it means "do not encrypt by default") is an entirely different > subject, of course. And i know you said "no Protonmail rants" so i > won't call them out specifically here, but MUA developers generally > really do need to take the ecosystem effects of their choices seriously. > Any MUA that promiscuously encrypts *by default* to someone who has not > clearly indicated that they are comfortable with every inbound message > being encrypted is inviting that user to see encrypted e-mail as a > hindrance and an annoyance. That's not a great way to spread the > capability of people actually being able to use encrypted mail when it > matters, or to help people through a process of gradual adoption. Exactly this. We need encryption _available_, but culturally "encrypt-by-default" is not going to fly. Almost all email usage locally is Gmail, with the browser app or the official Gmail mobile apps. That is not going to change. We have to have a sensible means of key discovery for exchanging encrypted mail _when the situation warrants it_, such as distributing sensitive data or receiving security reports. This is not about signing. This is about using encrypted content being a PITA for most people. The clients encrypting all mail by default are killing the use of OpenPGP and MIME-integrated PGP-encrypted email locally. It's another hammer in the coffin-lid of PGP's reputation as a reasonable technical solution for the problem spaces we care about. It is not hyperbole to say that this one issue has done more to drive the use of "age" encryption (with copy/paste into and out of emails as intact ASCII-armored blobs) than anything else. And age armored ciphertext pasted into Slack. It might seem clunky, but it works reliably and it aligns with cultural expectation of "only use this for things which really need the protection, otherwise just rely upon TLS and professional service operators". TLS for SMTP is not end-to-end, but it turns out to be "good enough" for most daily usage, particularly within a domain or with a few business partners. -Phil _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
