> http://g10code.com/docs/steed-usable-e2ee.pdf
Skimmed over this. You say that you need ISP support to get the system adopted (for the DNS-based distribution). Wouldn't that hinder adoption? hotmail and the like still don't support POP3 or IMAP in a standard account, and they are still popular options. So obviously email providers aren't the right place to look to get a technology deployed, especially one that hinders their access to email. How about an opportunistic approach? This email should include the following header: OpenPGP: id=C58C753A; url=https://jeromebaum.com/pgp The MUA could recognize a header like this one and remember that there's a certificate -- so the next email we send will be encrypted. The first email couldn't be, but is that worse than no encryption at all? Basically something like Strict-Transport-Security. What do you think? Like I said this is based on a quick skimming of the paper. Sorry about the long message. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users