STEED - Usable end-to-end encryption
kwadronaut
kwadronaut at autistici.org
Wed Mar 7 12:14:36 CET 2012
On Mon, 17 Oct 2011 20:11:29 +0200, Werner Koch wrote:
> of the whole system. We prepared a short paper; if you are interested
Some suggestions and questions, some are applicable to the paper while
others might be more suited for a FAQ section on the website:
* More pictures.
* You're suggesting to 'to allow easy integration with the MUA it may be
better to move the contact database into GnuPG proper.' I first read that
as duplicating functionality of, for example, existing Directory Servers.
Is that correct? If it isn't, maybe that paragraph could be clarified.
* Address the concerns some have about DNSSEC (see Micah Andersons' mail
from Fri 28 Oct 2011). Those concerns are mostly valid for TUFC if you
don't rely on more traditional mechanisms like the WOT.
* Address the size-concerns some (many?) have about publishing key
material in DNS. I know about EDNS0 and TCP, but there's a myriad of
firewalls and DNS-servers not being able to properly deal with that. IPv6
deployment is luckily (bit by bit) making more DNS-servers accessible to
answers that are >512 bytes, but it's still a challenge.
* in the conventions section you're listing GPGME as 'GnuPG Made Easy An
application library used to access the feature of GnuPG.' I'd write
features, in plural, don't be too modest ;-)
* When suggesting DNS, IPGP records seem to make most sense to me, given
the problems a lot of DNS-servers have with size. PKA and IPGP both
require some other place to actually store the key. How do you picture
solving that? Anyone has other suggestions or feedback on this?
Maybe this list has more ideas on incentives for e-mail providers for
this?
kwadronaut
More information about the Gnupg-users
mailing list