= Much easier Email crypto, by fetching pubkey via HTTPS

== How does it work?
As an email user, you just select the recipient(s) and can see that the email will be encrypted.

If you and your peers use email-providers offering this "service",
it works by the first email. Otherwise encryption will start after you have exchanged some emails.


Technically your email client will automatically
* prepare for this by creating a crypto key for you and uploading it to your provider
  (or second best to public keyservers).
* sign all emails so others see that you are ready for crypto (unless you opt out)
* ask the mail provider of your recipients for their pubkeys.

An email-provider supporting privacy can
* provide a pubkey for users via ~HT~TPS, called "web key directory" (WKD).
* allow each user's email client to automatically
  manage the pubkey that gets published by email, called "web key service" (WKS).
* (if offering web-based email:) support the client part as well.


== Details / Discussion

**[[EasyGpg2016/PubkeyDistributionConcept|Pubkey Distribution Concept]] <- the (technical) details**

* 2016-09-08 ~OpenPGP.conf presentation by Werner Koch:
  [[https://www.openpgp-conf.org/program.html#werner|Abstract]]
  [[https://www.openpgp-conf.org/2016/openpgp-2016-simple-key-discovery.pdf|Slides.PDF]]
* 2016-09-08 ~OpenPGP.conf presentation by Bernhard Reiter, pages 21-24
  [[https://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.odp|Slides.ODP]]
  [[https://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.pdf|Slides.PDF]]
* 2016-09-09
  //[[http://www.golem.de/news/web-key-service-openpgp-schluessel-ueber-https-verteilen-1609-123194.html|OpenPGP-Schlüssel über HTTPS verteilen]]// Golem news by Hanno Böck
* 2016-09-11 //[[https://www.heise.de/newsticker/meldung/Spezifikation-fuer-die-Verteilung-von-OpenPGP-Keys-per-HTTPS-veroeffentlicht-3317914.html|Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht]]// Heise news by Johannes Merkert
* 2016-09-11
  //[[http://lists.gnupg.org/pipermail/gnupg-de/2016-September/000547.html|Anmerkungen zum Web Key Service]]// gnupg-de@ by Werner Koch
* 2017-07-28 Draft 04 of the specs published (see details page linked above).
* 2017-10-10 LWN covers [[https://lwn.net/Articles/735840/|Werner Koch's talk at Kernel Recipies 2017]]

The elaborated proposal is a result of the EasyGpg2016 contract.

== Implementations

=== Current GnuPG 2.2
* WKD lookup since v2.1.12, enabled by default since 2.1.23. Widespread rollout in 2017 because
  the old GnuPG 2.0 is scheduled end-of-life December 2017.

* WKS server and client tools since GnuPG v2.1.14 which may help some providers (especially smaller
  ones) see the [[WKS|Web Key Service page]].

=== Mail User Agents
(Note that mail users agents using a modern GnuPG 2.2 will automatically 
do WKD requests via GnuPG. So they are WKD ready.)

==== Automatic pubkey bootstrapping (using the Web Key Service)
* Thunderbird/[[https://www.enigmail.net/index.php/en/download/changelog|Enigmail 2.0]] comes with WKD lookup and WKS publishing (since 2018-03-25).
* basic (pre-release) Kontact Mail/KMail support (part of EasyGpg2016)
* basic (pre-release) Thunderbird/Enigmail support (part of EasyGpg2016)
* active consideration in planning for mutt
* active consideration in planning for GpgOL (Gpg4win's Outlook Plugin)

=== Mail Service Providers
* [[https://posteo.de/en/|Posteo]] offers web key directory lookup and service for {{{@posteo.de}}}-addresses
  (**Since 2016-12**)
* [[https://netzguerilla.net|netzguerilla]] offers web key directory lookup.  (**Since 2017-10-11**)
* [[https://mailbox.org/en/|mailbox.org]] **plans** to offer web key directory lookup in Q2 2018 
  (coming with [[https://knowledgebase.open-xchange.com/roadmap.html#21|OX Guard 2.10]]).
* (Self)-hosted email servers that run [[https://github.com/vedetta-com/caesonia/|caesonia -  an OpenBSD Email Service]] setup.

=== Organisations using WKD

* [[https://kernel.org|kernel.org]]
* [[https://gnupg.org|gnupg.org]] (Testing accounts available for developers implementing WKD in ~MUAs.)
* (Several smaller organisations. Like - unsurprisingly - g10code.com and intevation.de.
   //Let us know if you want to be publically listed.//)

==== WKD stand-a-lone (without WKS)
 * [[WKDHosting|wks-tools]] helps to publish a single pubkeyring via static ~H~TTPS.