Proposal to distribute pubkeys via HTTPS to make Email crypto much easier.
How does it work?
As an email user, you just select the recipient(s) and can see that the email will be encrypted.
If you and your peers use email-providers offering this "web key service", it works with the first email. Otherwise encryption will start after you have exchanged some emails.
Technically your email client will
- prepare for this by creating a crypto key for you and sending it either to your provider by email or to public keyservers.
- sign all emails so others see your pubkey (unless you opt out)
- ask the mail provider of your recipients for their pubkeys.
An email-provider offering "web key service" will technically:
- provide a pubkey for each user via HTTPS
- allow each user's email client to automatically manage, by email, the pubkey that gets published.
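The lookup step above ("ask the mail provider of your recipients for their pubkeys"), as an added example that is not part of the original page or of any GnuPG code: it derives the HTTPS URL a client would query, using the direct-method layout of the Web Key Directory draft (`/.well-known/openpgpkey/hu/` followed by the z-base-32 encoded SHA-1 of the local part), a layout this page itself does not spell out. The function names and the sample address are made up for illustration, and only ASCII domain names are assumed.

```python
import hashlib
import string

# z-base-32 alphabet used for the hashed local part in the lookup URL.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
# Only ASCII upper-case letters are folded; other characters stay unchanged.
ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)
DOMAIN_CHARS = set(string.ascii_lowercase + string.digits + ".-")


def zbase32_sha1(data: bytes) -> str:
    """SHA-1 the input and encode the 160-bit digest as 32 z-base-32 chars."""
    value = int.from_bytes(hashlib.sha1(data).digest(), "big")
    # 160 bits split evenly into 32 groups of 5 bits, most significant first.
    return "".join(ZBASE32[(value >> s) & 0x1F] for s in range(155, -1, -5))


def wkd_direct_url(address: str) -> str:
    """Return the HTTPS lookup URL (direct method) for one recipient address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.translate(ASCII_LOWER)
    # Refuse anything that could change the host or path of the request,
    # so a crafted address cannot redirect the lookup to another server.
    if (not set(domain) <= DOMAIN_CHARS or ".." in domain
            or domain[0] in ".-" or domain[-1] in ".-"):
        raise ValueError(f"unexpected domain: {domain!r}")
    # The local part is lower-cased before hashing, so the lookup ignores case.
    hashed = zbase32_sha1(local.translate(ASCII_LOWER).encode("utf-8"))
    # Always https: the provider's TLS certificate authenticates the answer,
    # so the client must verify it and never fall back to plain http.
    return f"https://{domain}/.well-known/openpgpkey/hu/{hashed}"


if __name__ == "__main__":
    # Constructed sample address on a reserved example domain.
    print(wkd_direct_url("Joe.Doe@Example.ORG"))
```

The hashed path keeps the local part out of the URL, and the domain check keeps the request pinned to the recipient's own provider.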
Details / Discussion
- EasyGpg2016/PubkeyDistributionConcept <- the (technical) details
- 2016-09-08 OpenPGP.conf presentation by Werner Koch: Abstract Slides.PDF
- 2016-09-08 OpenPGP.conf presentation by Bernhard Reiter, pages 21-24 Slides.ODP Slides.PDF
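- 2016-09-09 OpenPGP-Schlüssel über HTTPS verteilen ("Distributing OpenPGP keys over HTTPS"), Golem news by Hanno Böck
- 2016-09-11 Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht ("Specification for distributing OpenPGP keys via HTTPS published"), Heise news by Johannes Merkert
- 2016-09-11 Anmerkungen zum Web Key Service ("Notes on the Web Key Service"), gnupg-de@ by Werner Koch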
The elaborated proposal is a result of the EasyGpg2016 contract.