Adding support for fetching GPG key using WKD protocol

Wiktor Kwapisiewicz wiktor at
Fri Jul 6 20:54:20 UTC 2018

> Your other points are all reasonable, and like I said, my opposition
> to the feature isn't strong--but you didn't change my mind either. :)

Yes, I can see that, but it's hard to change your opinion that e-mail 
privacy is a lost cause in just a couple of e-mails.

Mind me asking why do you put your key ID in e-mails if you're opposed 
to encrypted communication?

> FWIW, we've now seen from 3 mutt-dev followers that they would prefer
> this code not go in... even to the point where they'd patch -R to
> remove it.  That, for my money, is reason enough to not include it.

There is no code at this point and as far as I can see the "ultimate 
solution" of patching has been brought in context of "automatic WKD". 
And automatic WKD was already dismissed by Kevin in his first e-mail.

Quote from Claus Assmann:

>> I am disinclined to default-enable something that send http requests
>> out without the user fully understanding what's going on.
> Agreed.
> I would patch my copy of the source to not enable such code at all

End of quote.

> It's actually worse, because
> it leaks whom you are actually sending messages to, rather than from
> whom you're receiving them...  

If you're sending e-mail to user at and do a WKD query it would 
reveal that only to But you're sending the e-mail there so 
that user (or their server admins) would already know that after you 
send that e-mail.

Kind regards,


More information about the Mutt-dev mailing list