Francis Irving · Feb 15, 2017 · 7:46 PM UTC

Francis Irving @frabcus

15 Feb 2017

"Don’t ask users anything about keys, ever." Autoencrypt have nailed a way to get email encrypted autocrypt.readthedocs.io/en/…

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Feb 15, 2017 · 7:48 PM UTC

15 Feb 2017

An interesting idea, but limiting it to a single MUA per account is dangerously limiting.

Francis Irving · Feb 15, 2017 · 10:26 PM UTC

Francis Irving @frabcus

15 Feb 2017

my hunch (totally off top of my head) is they could have a QR code system to safely copy private keys between clients?

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Feb 16, 2017 · 9:59 AM UTC

16 Feb 2017

Or just have clients negotiate via the shared (IMAP) data store

Francis Irving · Feb 16, 2017 · 11:07 PM UTC

Francis Irving @frabcus

16 Feb 2017

now I've read their spec, yes that does seem to be what they're planning for later levels. Maybe.

Francis Irving · Feb 16, 2017 · 11:08 PM UTC

Francis Irving @frabcus

16 Feb 2017

ah, so they'd all declare all of their public keys in each mail?

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Feb 17, 2017 · 1:09 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Feb 17, 2017 · 1:09 PM UTC

17 Feb 2017

Replying to @frabcus

Eitehr that, or the MUAs negotiate a secured channel and share a private key around.

Feb 17, 2017 · 1:09 PM UTC

Francis Irving · Feb 17, 2017 · 2:17 PM UTC

Francis Irving @frabcus

17 Feb 2017

a key question is what archival abilities people expect. I'd expect to be able to download and decrypt old mails years later

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Feb 17, 2017 · 4:54 PM UTC

17 Feb 2017

Which would require that either over time your MUAs share the same key around (and it's backed up); or else that new MUAs reencrypt