[Autocrypt] live discussion about historical keys tomorrow -- 2017-12-12 17:00 UTC https://meet.jit.si/Autocrypt267

holger holger at merlinux.eu
Wed Dec 13 02:25:14 EST 2017


Thanks for going through the discussion!
one inline comment ...

On Tue, Dec 12, 2017 at 17:12 -0500, Daniel Kahn Gillmor wrote:
> On Mon 2017-12-11 15:33:40 -0500, Daniel Kahn Gillmor wrote:
> > Please join us if you're interested!  I'll try to make sure that a
> > summary of the discussion makes it into the ticket.
> 
> After a bit of delay, Vincent, Bjoern, and i had a good discussion about
> several issues related to multiple secret keys, and came up with the
> following minimalist approach for level 1:
> 
>  0) we will not say anything specific about what to do with multiple
>     secret keys for a given account in level 1.  there's a lot of
>     potential complexity there, and we don't think level 1 clients need
>     to engage with it if they don't want to.
> 
>  1) we will leave space in the Autocrypt setup message for shipping
>     (arbitrary) additional optional information, while avoiding too much
>     additional complexity in the setup message spec.  Level 1 clients
>     will ignore that information, but at least there's still room for
>     experimentation.  This is encapsulated in the minimalist PR
>     https://github.com/autocrypt/autocrypt/pull/275 which makes clear
>     that additional information after the *first* openpgp-armored blob
>     in the cleartext of the encrypted payload will be ignored by level 1
>     clients.

Does this mean that we could have a 1.1 version of the spec which
specifies how to deal with secret keys that come after the first one?
1.1 clients would then not break 1.0 ones, right?

However, strictly speaking, wouldn't a MUA that processes multiple
keys before such a 1.1 spec break Level 1.0 compliance?

holger
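
The level 1 behaviour summarized in point 1 of the quoted message (use the first OpenPGP-armored blob in the decrypted setup message cleartext, ignore whatever follows) is sketched below as an added example; it is not part of this message or of the Autocrypt project's code. The function name `split_first_armored_blob` and the sample payload are hypothetical, and the treatment of text before the first blob is an assumption.

```python
BEGIN = "-----BEGIN PGP PRIVATE KEY BLOCK-----"
END = "-----END PGP PRIVATE KEY BLOCK-----"

# Constructed sample: decrypted setup-message cleartext carrying two armored
# blobs. The bodies are placeholders, not real key material.
SAMPLE = f"""{BEGIN}

Zmlyc3Qta2V5
=AAAA
{END}
{BEGIN}

c2Vjb25kLWtleQ==
=BBBB
{END}
"""


def split_first_armored_blob(cleartext):
    """Return (first_blob, ignored_rest) for a decrypted payload.

    Hypothetical helper. Assumption: lines before the first BEGIN marker are
    skipped; the quoted summary only speaks about data after the first blob.
    """
    lines = cleartext.splitlines()
    start = None
    for i, line in enumerate(lines):
        marker = line.strip()
        if marker == BEGIN:
            if start is not None:
                # A second BEGIN before any END: the first blob is truncated.
                raise ValueError("first armored blob is not terminated")
            start = i
        elif marker == END and start is not None:
            blob = "\n".join(l.rstrip() for l in lines[start:i + 1])
            rest = "\n".join(lines[i + 1:])
            return blob, rest
    raise ValueError("no complete armored private key block found")


if __name__ == "__main__":
    first, ignored = split_first_armored_blob(SAMPLE)
    print(first)
    print(f"ignored {len(ignored)} trailing characters")
```

Only the first returned value would be handed to the key importer; a truncated first blob is rejected rather than merged with the blob that follows it.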


