On Thu, 10 Oct 2013 00:00:31 +0200 Bjoern Hoehrmann <derhoe...@gmx.net> wrote:
> * Mike Demmers wrote:
> >The basic concept of default deny for encrypted emails only seems very
> >'right' to me, because if you are going to the trouble to do this, and
> >handle things like key exchanges, that communication must be pretty
> >special to begin with. Why would you want 'just anyone' to be able to
> >send you encrypted emails?
>
> I got the PGP key in my signature particularly so that strangers can
> contact me in a somewhat confidential manner (that was in 1999 when I
> was still in secondary education, and pretty much everybody I knew at
> the time would have better ways for confidential communication, but
> strangers living thousands of kilometers away lacked those options).

If using default deny for encrypted email, they would simply have to first send you a non-encrypted email that said something like "I would like to exchange email with you confidentially and have added your address to my 'allow' list, would you add me to yours?"

Would this be a problem? Remember, this is email, and PGP - the fact that they are contacting you is not hidden in either case, just the actual content.

Of course, if you ONLY want encrypted email communications in that circumstance, you might want to just turn off default deny. I am suggesting this as a standard default, not as something required - the user must always have the choice.

In the case of someone with no previous contact, if they tried to send you encrypted email, they would get an immediate bounce with an error message something like:

550 "Email rejected because not on users whitelist. Please ask for whitelisting in an unencrypted email."

Ideally, user email programs would have some really simple ways to handle this.

-Mike

_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
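The default-deny rule and 550 bounce proposed in the message above, sketched as an added example (not code from the thread or from any mail server). The function names, the allow-list representation and the sample messages are hypothetical, and detection is assumed to cover PGP/MIME (RFC 3156) and inline ASCII-armored bodies only.

```python
from email import message_from_string

ARMOR = b"-----BEGIN PGP MESSAGE-----"
# Reply text taken from the message above.
REJECT = ("550 Email rejected because not on users whitelist. "
          "Please ask for whitelisting in an unencrypted email.")

def is_pgp_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored PGP body."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/encrypted":
            proto = part.get_param("protocol")
            if isinstance(proto, str) and proto.lower() == "application/pgp-encrypted":
                return True
        elif part.get_content_maintype() == "text":
            if ARMOR in (part.get_payload(decode=True) or b""):
                return True
    return False

def smtp_decision(raw_message, envelope_from, allow_list, default_deny=True):
    """Return the SMTP reply for one message under the recipient's policy."""
    msg = message_from_string(raw_message)
    if not is_pgp_encrypted(msg):
        return "250 OK"  # unencrypted mail, including allow-list requests, passes
    # Caveat (assumption): the envelope sender is unauthenticated; a deployment
    # would want SPF/DKIM checks to pass before trusting it for this lookup.
    if not default_deny or envelope_from.strip().lower() in allow_list:
        return "250 OK"
    return REJECT

# Constructed sample messages (not real traffic).
HEADERS = "From: stranger@example.net\r\nTo: mike@example.org\r\n"
PGP_MIME = (HEADERS +
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"\r\n\r\n'
    "--b\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
    "--b\r\nContent-Type: application/octet-stream\r\n\r\n(constructed ciphertext placeholder)\r\n"
    "--b--\r\n")
INLINE = (HEADERS + "Content-Type: text/plain\r\n\r\n"
    "-----BEGIN PGP MESSAGE-----\r\n(constructed placeholder)\r\n-----END PGP MESSAGE-----\r\n")
PLAIN = HEADERS + "Content-Type: text/plain\r\n\r\nWould you add me to your allow list?\r\n"

if __name__ == "__main__":
    allow = {"friend@example.com"}
    for name, raw in (("pgp-mime", PGP_MIME), ("inline", INLINE), ("plain", PLAIN)):
        print(name, "->", smtp_decision(raw, "stranger@example.net", allow))
```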