[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel. If you find any information controversial or unexpected, send a response and request a signed confirmation.]
> On 28 Dec 2015, at 16:07, Kristian Fiskerstrand <k...@gentoo.org> wrote:
>
>
> The main issue is key storage, though. For signatures you can use a dedicated
> signing subkey, however you get in problem with encrypted emails as mobile
> devices are not really secure devices and should never have cryptographic
> material. What could work in this case is a NFC (or for that matter
> bluetooth, although it needs to be properly paired etc etc) channel with a
> separate device with a separate keychain and display so you can verify the
> request, and never

This should read pinentry, the existence of a keyring is implicit to the use case.

> actually expose private key material to the cellphone.
>
> In the meantime I just include the notice whenever I don't sign, at least
> some people notice it and give it another thought.