Adding support for fetching GPG key using WKD protocol

Derek Martin invalid at pizzashack.org
Fri Jul 6 20:32:19 UTC 2018


Wiktor,

On Fri, Jul 06, 2018 at 09:12:26PM +0200, Wiktor Kwapisiewicz wrote:
> >On that basis I think Mutt should force the user to explicitly decide
> >that they want to fetch a key, by doing so through the gnupg
> >interface.
> 
> Is asking the user if they want to fetch the key interactively (if
> the key is not found locally) not an explicit decision?

Not necessarily!  Users get in the habit of accepting dialogs because,
well, obviously I want to do what I just said I want to do!

> Or do you mean that the user should exit mutt and run gpg manually?

Yes.

> >Another way to look at this:  Mutt likes to relegate tasks to an
> >application which is designated for that task.
[...]
> Yes, I agree. The problem is that GPGME does not respect user
> preferences w.r.t. key retrieval (stored in gpg.conf). I will ask on
> gnupg-devel list if this is by design.

Yes, I can see that this is a problem.  But Mutt's philosophy has
generally been that the tool designated to do the job should do the
job, and a bug in that tool should generally not be worked around in
Mutt, though exceptions exist when the situation calls for it.  I'm
not convinced this one calls for it... the GnuPG people are pretty
reasonable and responsive.
 
Your other points are all reasonable, and like I said, my opposition
to the feature isn't strong--but you didn't change my mind either. :)

There's a trade-off here, as is often the case with security-sensitive
issues.  If you make it too easy, it will be used improperly, some
percentage of the time, defeating the security that was meant to be
added.  If you make it too hard, it won't be used at all when perhaps
it should.

It's become my opinion that e-mail privacy is a lost cause.  There are
too many ways it can fail for you to be able to be confident that it
has not (in the event you actually have any communications worth
encrypting), some of which may put your life in danger[*].  This,
combined with the point above, is the reason my opposition is not
strong, but it's also another argument why Mutt doesn't need the
feature.  That is, you simply don't need it because encrypting your
e-mail is pointless in the first place. :)  Obviously there will be
many exceptions, but I think for the average person it's true.

But, I admit, I'm off in the weeds now... =8^)

-=-=-
[*] Like forcing you--OR your recipients--to decrypt your e-mail at
gunpoint.  And worse still, if you use it when you don't need it,
encryption may lead some bad actors to believe you have something
worth encrypting when you don't, causing them to target you for no
good reason.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20180706/626f6709/attachment.asc>


More information about the Mutt-dev mailing list