IIRC, Autocrypt specifies a way for public keys to be transferred in an email header that's parsed by Autocrypt-aware clients and not rendered or acted upon by non-aware clients. Seems like the best thing going right now.
Thanks for the suggestion. I see your headers. The last time that I tried to get Autocrypt working, it failed due to my unusual local configuration (probably not an Autocrypt issue). I should try again.
In the interim, I placed some new headers in my mail to give people (a) alleged fingerprints, (b) an alleged last-modified hint to help clients keep it refreshed, (c) a pointer to my key (albeit not here one I can update), and (d) a brief advocacy message for humans. I dislike the abbreviation that I used, but I wanted to make my v5 fingerprint fit on one line in a standard 80-column terminal.
Perhaps there should be a standard for such header lines, which MUAs can automagically parse and use without inclusion of the full key in the header of every message. Perhaps there already is, and I don’t know?
**Note to users who trust too much:** These header lines are unauthenticated, and MUST NOT be treated as verified information. My intended threat model here is like Autocrypt.
-- # Remember these on Wednesday, January 15, 2025: https://web.archive.org/web/19971024171609/http://www.eff.org/blueribbon.html https://web.archive.org/web/19971114041230/http://www.eff.org/pub/Legal/Cases/ACLU_v_Reno/19970626_eff_cda.announce https://www.supremecourt.gov/search.aspx?filename=/docket/docketfiles/html/public/23-1122.html
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
