RainLoop / rainloop-webmail

Simple, modern & fast web-based email client
http://rainloop.net
MIT License

Store public PGP-keys in addressbook #1116

Open renne opened 8 years ago

renne commented 8 years ago

Hi,

Sharing and storing public PGP keys is the big show-stopper in email end-to-end encryption.

The IETF RFC 6350 defines the vCard format. Section 6.8.1 explicitly gives an example of how to store public PGP keys in vCards. Using the address book to store public PGP keys would allow just importing vCards of contacts with their public PGP keys included, and even sharing them between one's own devices via CardDAV.

Please add vCard tags with textareas for public PGP keys to the RainLoop address book.

fgiorlando commented 8 years ago

Another option is accessing a default keyserver (like sks)

renne commented 8 years ago

Keyservers DO NOT CHECK the identity of the uploader of a public key. If you have the email address of someone, you can upload a key. Keyservers are not trustworthy.

The address book is a manually self-maintained, trustworthy cache for public keys. If you want secure, authorized publication and look-up of public PGP keys you have to implement DANE-OpenPGP.

renne commented 8 years ago

It has just been released as IETF RFC 7929 - DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP. ;)

renne commented 8 years ago

The PHP library Net_DNS2 supports OPENPGPKEY lookups. You can install it with PEAR or manually from GitHub. You need to include the class 'netdns2/Net/DNS2.php' (or '/usr/share/php/Net/DNS2.php' with PEAR on Ubuntu) in your code. See the code example.

The German email providers Core Networks, mail.de and Posteo already publish OPENPGPKEY records. If you want to test your Net_DNS2 integration you can look up the email addresses info@core-networks.de, support@mail.de and support@posteo.de with Net_DNS2. The result can be compared at OPENPGPKEY.info
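The two parts of an OPENPGPKEY lookup that a DNS library such as Net_DNS2 does not do for you are deriving the owner name to query (RFC 7929 section 3: SHA-256 of the UTF-8 local part, truncated to 28 octets and written as 56 lowercase hex characters, then the label `_openpgpkey`, then the domain) and deciding whether a returned record may be used for the address that was looked up. The following is an added example written for this thread, not code from RainLoop or Net_DNS2, and it is in Python rather than PHP because neither step depends on the resolver library. The sample key blobs are constructed here purely to exercise the RFC 4880 packet framing; they are not real keys, and the resolver call itself is left to whatever library you use. The helper names (`openpgpkey_owner_name`, `select_key`, `user_ids`) are this example's own.

```python
"""Client-side handling of RFC 7929 OPENPGPKEY records (added example).

Two things a resolver library leaves to the caller:
  1. which name to query for a given email address (RFC 7929 s.3), and
  2. whether a returned record may be trusted and actually belongs to
     that address (DNSSEC-validated answer, matching OpenPGP User ID).
"""
import hashlib

PUBLIC_KEY, USER_ID = 6, 13          # RFC 4880 packet tags


def openpgpkey_owner_name(email: str) -> str:
    """Owner name for an OPENPGPKEY query, per RFC 7929 section 3.

    The local part (text before the last '@') is UTF-8 encoded and hashed
    with SHA-256; the digest is truncated to 28 octets and written as 56
    lowercase hex characters.  That label, '_openpgpkey' and the domain
    part form the name.  The local part is hashed exactly as given, so
    'Hugh@...' and 'hugh@...' map to different names; any further
    canonicalisation is deliberately not attempted here.
    """
    local, domain = email.rsplit("@", 1)
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._openpgpkey.{domain.lower()}"


def _iter_packets(data: bytes):
    """Yield (tag, body) for each packet in a binary OpenPGP stream (RFC 4880 s.4).

    Both old- and new-format headers are handled; partial-body and
    indeterminate lengths are refused rather than guessed at.
    """
    i, n = 0, len(data)
    while i < n:
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        i += 1
        if ctb & 0x40:                                  # new-format header
            tag = ctb & 0x3F
            b0 = data[i]
            i += 1
            if b0 < 192:
                length = b0
            elif b0 < 224:
                length = ((b0 - 192) << 8) + data[i] + 192
                i += 1
            elif b0 == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                           # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + size], "big")
            i += size
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        i += length
        yield tag, body


def user_ids(key_blob: bytes) -> list:
    """All User ID packets of a transferable public key, as strings."""
    return [body.decode("utf-8", "replace")
            for tag, body in _iter_packets(key_blob) if tag == USER_ID]


def select_key(email: str, records: list, authenticated: bool):
    """Return the OPENPGPKEY RDATA (bytes) usable for `email`, or None.

    `records` are the raw RDATA values of the answer; each is a binary
    transferable public key.  `authenticated` is the resolver's DNSSEC
    AD flag: without validation an OPENPGPKEY answer carries no security
    (RFC 7929 security considerations), so it is rejected outright.  The
    owner name is only a hash, so the key must also carry a User ID for
    the address before it is handed back.
    """
    if not authenticated:
        raise ValueError("OPENPGPKEY answer was not DNSSEC-validated; refusing to use it")
    for blob in records:
        tags = [t for t, _ in _iter_packets(blob)]
        if not tags or tags[0] != PUBLIC_KEY:
            continue                                    # not a public key block
        if any(uid == email or f"<{email}>" in uid for uid in user_ids(blob)):
            return blob
    return None


def _packet(tag: int, body: bytes) -> bytes:
    """New-format packet with one- or two-octet length (sample construction only)."""
    if len(body) < 192:
        return bytes([0xC0 | tag, len(body)]) + body
    l = len(body) - 192
    return bytes([0xC0 | tag, (l >> 8) + 192, l & 0xFF]) + body


# Constructed samples: old-format tag-6 header (0x99, two-octet length) with a
# 10-byte dummy body, followed by User ID packets.  Framing only; not real keys.
_DUMMY_PUBKEY = b"\x99" + (10).to_bytes(2, "big") + b"\x04" + b"\x00" * 9
SAMPLE_KEY = (_DUMMY_PUBKEY
              + _packet(USER_ID, b"Hugh <hugh@example.com>")
              + _packet(USER_ID, b"Hugh (work) <hugh@example.net>"))
SAMPLE_OTHER = _DUMMY_PUBKEY + _packet(USER_ID, b"Someone <someone@example.com>")

if __name__ == "__main__":
    print(openpgpkey_owner_name("hugh@example.com"))
    chosen = select_key("hugh@example.com", [SAMPLE_OTHER, SAMPLE_KEY], authenticated=True)
    print(user_ids(chosen))
```

To use this with a real resolver, query the name from `openpgpkey_owner_name()` for type OPENPGPKEY, pass the raw RDATA values and the AD flag of the answer to `select_key()`, and only then import the key into the address book; the RFC 7929 text includes its own worked `hugh@example.com` example that the derived name can be checked against.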