Size: 901
Comment: added contents.
|
Size: 3115
Comment:
|
Line 1: | Line 1: |
**Page under construction** | = Much easier Email crypto, by fetching pubkey via HTTPS |
Line 3: | Line 3: |
Proposal to distribute pubkeys via HTTPS to make Email crypto much easier. | == How does it work? As an email user, you just select the recipient(s) and can see that the email will be encrypted. If you and your peers use email-providers offering this "web key service", it works by the first email. Otherwise encryption will start after you have exchanged some emails. |
Line 6: | Line 10: |
* [[EasyGpg2016/PubkeyDistributionConcept]] <- the details * http://www.openpgp-conf.org/program.html#werner http://www.openpgp-conf.org/2016/openpgp-2016-simple-key-discovery.pdf * http://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.pdf * [[http://www.golem.de/news/web-key-service-openpgp-schluessel-ueber-https-verteilen-1609-123194.html|Golem news about WKS (in German)]] * [[http://www.heise.de/newsticker/meldung/Spezifikation-fuer-die-Verteilung-von-OpenPGP-Keys-per-HTTPS-veroeffentlicht-3317914.html|Heise news about WKS (in German)]] * [[http://lists.gnupg.org/pipermail/gnupg-de/2016-September/000547.html|"Anwerkungen zum Web Key Service" 2016-09-11 Werner Koch]] |
Technically your email client will automatically * prepare for this by creating a crypto key for you and uploading it to your provider (or second best to public keyservers). * sign all emails so others see that you are ready for crypto (unless you opt out) * ask the mail provider of your recipients for their pubkeys. An email-provider offering the "web key service" technically has to * provide a pubkey for users via ~HT~TPS * allow each user's email client to automatically manage the pubkey that gets published by email. == Details / Discussion of the proposal * [[EasyGpg2016/PubkeyDistributionConcept]] <- the (technical) details * 2016-09-08 ~OpenPGP.conf presentation by Werner Koch: [[https://www.openpgp-conf.org/program.html#werner|Abstract]] [[https://www.openpgp-conf.org/2016/openpgp-2016-simple-key-discovery.pdf|Slides.PDF]] * 2016-09-08 ~OpenPGP.conf presentation by Bernhard Reiter, pages 21-24 [[https://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.odp|Slides.ODP]] [[https://www.intevation.de/~bernhard/presentations/201609-openpgpconf/20160908-3bsi-contracts.pdf|Slides.PDF]] * 2016-09-09 //[[http://www.golem.de/news/web-key-service-openpgp-schluessel-ueber-https-verteilen-1609-123194.html|OpenPGP-Schlüssel über HTTPS verteilen]]// Golem news by Hanno Böck * 2016-09-11 //[[https://www.heise.de/newsticker/meldung/Spezifikation-fuer-die-Verteilung-von-OpenPGP-Keys-per-HTTPS-veroeffentlicht-3317914.html|Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht]]// Heise news by Johannes Merkert * 2016-09-11 //[[http://lists.gnupg.org/pipermail/gnupg-de/2016-September/000547.html|Anmerkungen zum Web Key Service]]// gnupg-de@ by Werner Koch * 2016-10-05 Updated protocol specs published: [[https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-02.html|Web Key Service (draft 02)]] |
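Review bot: In the added reference list, the Golem and lists.gnupg.org links still use http:// while the openpgp-conf.org, intevation.de and heise.de links were switched to https://. If those two hosts serve HTTPS, switch them as well so the list is consistent. The last provider bullet is also hard to parse: "manage the pubkey that gets published by email" reads as if the key were published by email; moving "by email" next to "manage" would make clear that the management happens over email.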
Line 14: | Line 40: |
== Implementations === GnuPG "modern" * WKD lookup experimental since v2.1.12 * WKS server and client experimental tools since v2.1.14, see //[[https://gnupg.org/blog/20160830-web-key-service.html|how to run them in GnuPG's blog vom 2016-08-30]]// or the [[WKS|Web Key Service page]]. === Mail User Agents * planned Kontact Mail/KMail support (part of EasyGpg2016) * planned Thunderbird support (part of EasyGpg2016) === Mail Service Providers * (planned for Sep/Okt 2016) [[https://posteo.de/en/|Posteo]] offering full implementation of "web key service". Posteo already implemented provisioning of pubkeys via HT~TPS. * (gnupg.org) Testing accounts by request for developers implementing WKS in Free Software MUAs. |
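Review bot: Two German leftovers remain in the added Implementations text: "GnuPG's blog vom 2016-08-30" in the GnuPG entry and "Sep/Okt 2016" in the Posteo entry; use "from" and "Oct". The link-suppression escaping here is written "HT~TPS", while the earlier hunk writes "~HT~TPS"; pick one form so both render the same.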
Much easier Email crypto, by fetching pubkey via HTTPS
How does it work?
As an email user, you just select the recipient(s) and can see that the email will be encrypted.
If you and your peers use email providers offering this "web key service", it works from the first email. Otherwise encryption will start after you have exchanged some emails.
Technically your email client will automatically
- prepare for this by creating a crypto key for you and uploading it to your provider (or, as second best, to public keyservers).
- sign all emails so others see that you are ready for crypto (unless you opt out)
- ask the mail provider of your recipients for their pubkeys.
An email-provider offering the "web key service" technically has to
- provide a pubkey for users via HTTPS
- allow each user's email client to automatically manage, via email, the pubkey that gets published.
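As an added example (not code from this page or from GnuPG), the code below derives the HTTPS URL a mail client would request to fetch a recipient's pubkey from the recipient's provider. The path layout and the SHA-1/z-base-32 mapping of the local part are assumptions taken from the "direct" lookup method in later revisions of the Web Key Directory draft, not from this page; the draft revision you implement is authoritative.

```python
import hashlib

# z-base-32 alphabet (Zooko's human-oriented base-32 variant).
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, most significant first."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)  # pad the final group with zero bits
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def split_address(addr: str) -> tuple[str, str]:
    """Split an addr-spec and reject input that could alter the request URL."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {addr!r}")
    # The domain becomes the HTTPS authority, so allow hostname characters only
    # (no '/', ':', '?', '#' or '@' that would redirect the request elsewhere).
    domain = domain.lower()
    allowed = set("abcdefghijklmnopqrstuvwxyz0123456789-.")
    if not set(domain) <= allowed or ".." in domain or domain.startswith((".", "-")):
        raise ValueError(f"unsafe domain in {addr!r}")
    return local, domain


def wkd_url(addr: str) -> str:
    """Return the assumed direct-method lookup URL for one mail address."""
    local, domain = split_address(addr)
    # Only ASCII upper-case letters are folded; other characters stay unchanged.
    folded = "".join(c.lower() if "A" <= c <= "Z" else c for c in local)
    # SHA-1 is used here only to map the local part to a fixed-length file name;
    # authenticity of the answer rests on the TLS connection to the provider.
    digest = hashlib.sha1(folded.encode("utf-8")).digest()
    return f"https://{domain}/.well-known/openpgpkey/hu/{zbase32(digest)}"


if __name__ == "__main__":
    # Constructed sample address using the reserved example.org domain.
    print(wkd_url("Joe.Doe@Example.ORG"))
```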
Details / Discussion of the proposal
- EasyGpg2016/PubkeyDistributionConcept <- the (technical) details
- 2016-09-08 OpenPGP.conf presentation by Werner Koch: Abstract Slides.PDF
- 2016-09-08 OpenPGP.conf presentation by Bernhard Reiter, pages 21-24 Slides.ODP Slides.PDF
- 2016-09-09 OpenPGP-Schlüssel über HTTPS verteilen Golem news by Hanno Böck
- 2016-09-11 Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht Heise news by Johannes Merkert
- 2016-09-11 Anmerkungen zum Web Key Service gnupg-de@ by Werner Koch
- 2016-10-05 Updated protocol specs published: Web Key Service (draft 02)
The elaborated proposal is a result of the EasyGpg2016 contract.
Implementations
GnuPG "modern"
- WKD lookup experimental since v2.1.12
- WKS server and client experimental tools since v2.1.14, see how to run them in GnuPG's blog from 2016-08-30 or the Web Key Service page.
Mail User Agents
- planned Kontact Mail/KMail support (part of EasyGpg2016)
- planned Thunderbird support (part of EasyGpg2016)