[Autocrypt] live discussion about historical keys tomorrow -- 2017-12-12 17:00 UTC https://meet.jit.si/Autocrypt267
Björn Petersen
bpetersen at b44t.com
Wed Dec 13 08:21:12 EST 2017
Comment inline below ...
On 13.12.2017 at 08:25, holger wrote:
> Thanks for going through the discussion!
> one inline comment ...
>
> On Tue, Dec 12, 2017 at 17:12 -0500, Daniel Kahn Gillmor wrote:
>> [...]
>> 1) we will leave space in the Autocrypt setup message for shipping
>> (arbitrary) additional optional information, while avoiding too much
>> additional complexity in the setup message spec. Level 1 clients
>> will ignore that information, but at least there's still room for
>> experimentation. This is encapsulated in the minimalist PR
>> https://github.com/autocrypt/autocrypt/pull/275 which makes clear
>> that additional information after the *first* openpgp-armored blob
>> in the cleartext of the encrypted payload will be ignored by level 1
>> clients.
>
> Does this mean that we could have a 1.1 version of the spec which
> specifies how to deal with secret keys that come after the first one.
> 1.1 clients would then not break 1.0 ones, right?
Yes.
> However, strictly speaking, wouldn't a MUA that processes multiple
> keys before such a 1.1 spec, break Level 1.0 compliance?
Yes - esp. as it's not even clear _what_ will follow the first key -
just another key, a delimiter, other options, whatever. We only say,
whatever there is - ignore it.
If a MUA needs to add additional keys or information _today_, it must
not use the application/autocrypt-setup part for this purpose.
Also, there is no recommendation for doing it in another way. (in
practice, however, I think adding an additional attachment with
MUA-specific data won't break things as long it has no autocrypt-related
MIME-type ...)
More information about the Autocrypt
mailing list