Adding support for fetching GPG key using WKD protocol
Wiktor Kwapisiewicz
wiktor at metacode.biz
Fri Jul 6 20:54:20 UTC 2018
> Your other points are all reasonable, and like I said, my opposition
> to the feature isn't strong--but you didn't change my mind either. :)
Yes, I can see that, but it's hard to change your opinion that e-mail
privacy is a lost cause in just a couple of e-mails.
Mind me asking why you put your key ID in e-mails if you're opposed
to encrypted communication?
> FWIW, we've now seen from 3 mutt-dev followers that they would prefer
> this code not go in... even to the point where they'd patch -R to
> remove it. That, for my money, is reason enough to not include it.
There is no code at this point and as far as I can see the "ultimate
solution" of patching has been brought up in the context of "automatic WKD".
And automatic WKD was already dismissed by Kevin in his first e-mail.
Quote from Claus Assmann:
>> I am disinclined to default-enable something that sends HTTP requests
>> out without the user fully understanding what's going on.
>
> Agreed.
>
> I would patch my copy of the source to not enable such code at all
End of quote.
> It's actually worse, because
> it leaks whom you are actually sending messages to, rather than from
> whom you're receiving them...
If you're sending e-mail to user@example.com and do a WKD query it would
reveal that only to example.com. But you're sending the e-mail there so
that user (or their server admins) would already know that after you
send that e-mail.
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor
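
Added example, not part of the original e-mail and not Mutt code: how a WKD client derives its lookup URLs, which shows that the only hosts contacted belong to the recipient's own mail domain, the point argued in the message above. The URL layouts follow the advanced and direct methods of the WKD Internet-Draft; the function names and the sample address are constructed for illustration.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet that WKD uses to encode the SHA-1 of the local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lowercased local part, z-base-32 encoded (32 chars)."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    digest = hashlib.sha1(lowered.encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")  # 160 bits = 32 groups of 5 bits
    return "".join(ZBASE32[(n >> (155 - 5 * i)) & 31] for i in range(32))


def wkd_lookup(address: str) -> dict:
    """Return the URLs a WKD client would try and the hosts it would contact."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    l_param = quote(local, safe="")  # local part as typed, percent-encoded
    return {
        # Advanced method: dedicated subdomain of the recipient's domain.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                    f"{domain}/hu/{h}?l={l_param}",
        # Direct method: the recipient's domain itself.
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l_param}",
        # Every host that sees the query is under the recipient's domain.
        "hosts": [f"openpgpkey.{domain}", domain],
    }


if __name__ == "__main__":
    # Constructed sample address, not taken from the thread.
    info = wkd_lookup("Joe.Doe@Example.ORG")
    print("advanced:", info["advanced"])
    print("direct:  ", info["direct"])
    print("hosts contacted:", ", ".join(info["hosts"]))
```

The path carries only a hash of the local part, but the `l` parameter carries the local part itself, so the recipient's domain learns the full address being looked up.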