Size: 2176
Comment: Added date and description to links. Useful as is, so "under construction sign" removed.
|
Size: 3161
Comment:
|
Line 1: | Line 1: |
= Proposal to distribute pubkeys via HTTPS to make Email crypto much easier. | = Much easier Email crypto, by fetching pubkey via HTTPS |
Line 4: | Line 4: |
As email user, you just select the recipient(s) and can see that the email will be encrypted. | As an email user, you just select the recipient(s) and can see that the email will be encrypted. |
Line 6: | Line 6: |
If you and your peers use email-providers offering this "web key service", it works with the first email. Otherwise encryption will start after you have exchanged some emails. |
If you and your peers use email-providers offering this "web key service", it works by the first email. Otherwise encryption will start after you have exchanged some emails. |
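Review bot: the new wording "it works by the first email" in the Line 6 hunk is harder to read than the "with the first email" it replaces. "It works from the first email" would state plainly that encryption is available starting with the first message, which is the contrast the following sentence relies on.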
Line 10: | Line 10: |
Technically your email client will * prepare for this by creating a crypto key for you and either send it to your provider by email or to public keyservers. * sign all emails so others see your pubkey (unless you opt out) |
Technically your email client will automatically * prepare for this by creating a crypto key for you and uploading it to your provider (or second best to public keyservers). * sign all emails so others see that you are ready for crypto (unless you opt out) |
Line 16: | Line 16: |
An email-provider offering "web key service" will technically: * provide a pubkey for each user via ~HT~TPS |
An email-provider offering the "web key service" technically has to * provide a pubkey for users via ~HT~TPS |
Line 20: | Line 20: |
== Details / Discussion | |
Line 23: | Line 22: |
* [[EasyGpg2016/PubkeyDistributionConcept]] <- the (technical) details * 2016-09-08 ~OpenPGP.conf presentation by Werner Koch: [[https://www.openpgp-conf.org/program.html#werner|Abstract]] |
== Details / Discussion of the proposal **[[EasyGpg2016/PubkeyDistributionConcept|Pubkey Distribution Concept]] <- the (technical) details** * 2016-09-08 ~OpenPGP.conf presentation by Werner Koch: [[https://www.openpgp-conf.org/program.html#werner|Abstract]] |
Line 27: | Line 29: |
* 2016-09-08 ~OpenPGP.conf presentation by Bernhard Reiter, pages 21-24 | * 2016-09-08 ~OpenPGP.conf presentation by Bernhard Reiter, pages 21-24 |
Line 30: | Line 32: |
* 2016-09-09 | * 2016-09-09 |
Line 32: | Line 34: |
* 2016-09-11 [[https://www.heise.de/newsticker/meldung/Spezifikation-fuer-die-Verteilung-von-OpenPGP-Keys-per-HTTPS-veroeffentlicht-3317914.html|Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht//]] Heise news by Johannes Merkert * 2016-09-11 //[[http://lists.gnupg.org/pipermail/gnupg-de/2016-September/000547.html|Anwerkungen zum Web Key Service]]// gnupg-de@ by Werner Koch |
* 2016-09-11 //[[https://www.heise.de/newsticker/meldung/Spezifikation-fuer-die-Verteilung-von-OpenPGP-Keys-per-HTTPS-veroeffentlicht-3317914.html|Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht]]// Heise news by Johannes Merkert * 2016-09-11 //[[http://lists.gnupg.org/pipermail/gnupg-de/2016-September/000547.html|Anmerkungen zum Web Key Service]]// gnupg-de@ by Werner Koch * 2016-10-05 Draft 02 of the specs published (see details page linked above). |
Line 37: | Line 40: |
== Implementations === Current GnuPG (2.1) * WKD lookup since v2.1.12 * WKS server and client tools since v2.1.14, see //[[https://gnupg.org/blog/20160830-web-key-service.html|how to run them in GnuPG's blog from 2016-08-30]]// or the [[WKS|Web Key Service page]]. <<FootNote(The server sends message pointing to https://gnupg.org/faq/wkd.html)>> === Mail User Agents * planned Kontact Mail/KMail support (part of EasyGpg2016) * planned Thunderbird support (part of EasyGpg2016) === Mail Service Providers * [[https://posteo.de/en/|Posteo]] offers web key directory lookup and service. (Since 2016-12) * (gnupg.org) Testing accounts by request for developers implementing WKS in Free Software MUAs. === WKD stand-a-lone (without WKS) * [[WKDHosting|wks-tools]] helps to publish a single pubkeyring via static HTTPS. |
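Review bot: the added heading "=== WKD stand-a-lone (without WKS)" should read "stand-alone", and the footnote text "The server sends message pointing to ..." is missing its article ("sends a message"). The provider entry is dated "(Since 2016-12)" while the GnuPG entries are given by version; a date next to v2.1.12 and v2.1.14 would let readers compare the two lists.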
Much easier Email crypto, by fetching pubkey via HTTPS
How does it work?
As an email user, you just select the recipient(s) and can see that the email will be encrypted.
If you and your peers use email providers offering this "web key service", it works from the first email. Otherwise encryption will start after you have exchanged some emails.
Technically, your email client will automatically:
- prepare for this by creating a crypto key for you and uploading it to your provider (or, as second best, to public keyservers).
- sign all emails so others see that you are ready for crypto (unless you opt out).
- ask the mail provider of your recipients for their pubkeys.
An email provider offering the "web key service" technically has to:
- provide a pubkey for users via HTTPS.
- allow each user's email client to automatically manage, by email, the pubkey that gets published.
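
The lookup step above (the client asks the recipient's provider for the pubkey over HTTPS), as an added example that is not part of the original page or of GnuPG's code. The URL layout (SHA-1 of the lowercased local part, z-base-32 encoded, under /.well-known/openpgpkey/hu/, with the `l` query parameter) is taken from the Web Key Directory Internet-Draft rather than from this page; only the draft's direct method is shown, the function names are hypothetical, and Joe.Doe@Example.ORG is the draft's sample address.

```python
import hashlib
import re
from urllib.parse import quote

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, most significant bits first."""
    bits = len(data) * 8
    n = int.from_bytes(data, "big")
    pad = -bits % 5              # right-pad with zero bits to a multiple of 5
    n <<= pad
    bits += pad
    return "".join(ZB32[(n >> s) & 31] for s in range(bits - 5, -1, -5))


def split_address(addr: str):
    """Split an address into (local part, lowercased domain), or raise."""
    local, sep, domain = addr.strip().rpartition("@")
    domain = domain.lower()
    # Assumption: ASCII host names only. Anything else (slashes, colons,
    # whitespace) is refused so the domain cannot alter the URL we build.
    if not sep or not local or not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", domain):
        raise ValueError(f"not a usable mail address: {addr!r}")
    return local, domain


def wkd_hash(local: str) -> str:
    """Directory name of a key: z-base-32 of SHA-1 over the lowercased local part."""
    # Only ASCII letters are mapped to lower case.
    lowered = "".join(c.lower() if c.isascii() else c for c in local)
    return zbase32(hashlib.sha1(lowered.encode("utf-8")).digest())


def wkd_direct_url(addr: str) -> str:
    """HTTPS URL a client would fetch for addr (direct method)."""
    local, domain = split_address(addr)
    return (f"https://{domain}/.well-known/openpgpkey/hu/"
            f"{wkd_hash(local)}?l={quote(local, safe='')}")


if __name__ == "__main__":
    print(wkd_direct_url("Joe.Doe@Example.ORG"))
```

The scheme is fixed to `https://` because the provider's TLS certificate is what ties the returned key to the recipient's mail domain; a client should not fall back to plain HTTP when the request fails.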
Details / Discussion of the proposal
Pubkey Distribution Concept <- the (technical) details
- 2016-09-08 OpenPGP.conf presentation by Werner Koch: Abstract Slides.PDF
- 2016-09-08 OpenPGP.conf presentation by Bernhard Reiter, pages 21-24 Slides.ODP Slides.PDF
- 2016-09-09 OpenPGP-Schlüssel über HTTPS verteilen Golem news by Hanno Böck
- 2016-09-11 Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht Heise news by Johannes Merkert
- 2016-09-11 Anmerkungen zum Web Key Service gnupg-de@ by Werner Koch
- 2016-10-05 Draft 02 of the specs published (see details page linked above).
The elaborated proposal is a result of the EasyGpg2016 contract.
Implementations
Current GnuPG (2.1)
- WKD lookup since v2.1.12
- WKS server and client tools since v2.1.14, see how to run them in GnuPG's blog from 2016-08-30 or the Web Key Service page. [1]
Mail User Agents
- planned Kontact Mail/KMail support (part of EasyGpg2016)
- planned Thunderbird support (part of EasyGpg2016)
Mail Service Providers
- Posteo offers web key directory lookup and service. (Since 2016-12)
- (gnupg.org) Testing accounts by request for developers implementing WKS in Free Software MUAs.
WKD stand-alone (without WKS)
- wks-tools helps to publish a single pubkeyring via static HTTPS.
[1] The server sends a message pointing to https://gnupg.org/faq/wkd.html