[Autocrypt] live discussion about historical keys tomorrow -- 2017-12-12 17:00 UTC https://meet.jit.si/Autocrypt267

Björn Petersen bpetersen at b44t.com
Wed Dec 13 08:21:12 EST 2017

Comment inline below ...

On 13.12.2017 at 08:25, holger wrote:
> Thanks for going through the discussion!
> one inline comment ...
> On Tue, Dec 12, 2017 at 17:12 -0500, Daniel Kahn Gillmor wrote:
>>  [...]
>>  1) we will leave space in the Autocrypt setup message for shipping
>>     (arbitrary) additional optional information, while avoiding too much
>>     additional complexity in the setup message spec.  Level 1 clients
>>     will ignore that information, but at least there's still room for
>>     experimentation.  This is encapsulated in the minimalist PR
>>     https://github.com/autocrypt/autocrypt/pull/275 which makes clear
>>     that additional information after the *first* openpgp-armored blob
>>     in the cleartext of the encrypted payload will be ignored by level 1
>>     clients.
> Does this mean that we could have a 1.1 version of the spec which
> specifies how to deal with secret keys that come after the first one.
> 1.1 clients would then not break 1.0 ones, right?


> However, strictly speaking, wouldn't a MUA that processes multiple
> keys before such a 1.1 spec, break Level 1.0 compliance? 

Yes - esp. as it's not even clear _what_ will follow the first key -
just another key, a delimiter, other options, whatever.  We only say,
whatever there is - ignore it.

If a MUA needs to add additional keys or information _today_, it must
not use the application/autocrypt-setup part for this purpose.

Also, there is no recommendation for doing it in another way. (in
practice, however, I think adding an additional attachment with
MUA-specific data won't break things as long it has no autocrypt-related
MIME-type ...)

More information about the Autocrypt mailing list