[Autocrypt] usability and passphrase-less keys
Maikel
maikel at email.org.au
Wed May 3 19:54:25 EDT 2017
Hello,
This is my first contribution on the list, so tell me if I'm missing
some conventions here.
Holger said:
> I eventually perceived us arriving at the conclusion that there is
> no good reason for defaulting to require passphrases when generating
> a key.
You discussed the cases when the key is stored on the user's device. And
I think that the conclusion is reasonable in this passive attack
scenario.
But what about the key sharing? Since there is no specification of the
key sharing yet, we don't know the implications of this. Anyway, any key
sharing should protect the key independently. The docs say:
> Todo: Critically consider end-to-end encryption for MUAA messages.
> https://autocrypt.readthedocs.io/en/latest/peering.html
Cheers,
maikel