On Fri, 2021-01-15 at 03:33 -0800, Randy Bush wrote:
> email from a friend who uses protonmail as their MTA suddenly started to be opportunistically encrypted with pgp; i.e. the sender's MUA did nothing to cause the encryption. i believe this started when i provided my pgp public key over WKD [0].
Interesting. When I read the subject though, I have to admit that I was hoping your e-mail was going to be about REQUIRETLS/RFC8689. It's a real pity that there appears to be no real-world use/implementation of RFC8689.

I think in practice the old adage that "e-mail is insecure" is becoming untrue, by a significant amount, I suspect, due to the prevalence of STARTTLS. The problem with STARTTLS of course is that it is opportunistic only and with no way for the sender to indicate that a message MUST use TLS or not be delivered at all.

I routinely send things by e-mail that, while they are not the combination to the big safe at Fort Knox, they are not something I would staple to utility poles. When doing such I will typically look up the MXes for the recipient and test their SMTP port for STARTTLS to see if the mail will at least ride the wires with TLS. It would be so much easier to have a checkbox in my MUA to do this though. :-)

All of that said, thanks for the pointer to WKD. I didn't know about that. Use of it at the MTA level is interesting.

Cheers,
b.
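The manual check described in the reply above (resolve the recipient's MX hosts, connect on port 25, see whether EHLO advertises STARTTLS and whether the TLS handshake actually succeeds) can be scripted. The following is an added example, not code from the thread or from any MTA project. It uses only the Python standard library (`smtplib`, `ssl`) for the live probe; the `lookup_mx` helper assumes the third-party `dnspython` package is installed and is imported lazily. The EHLO reply text used for the offline parsing functions is a constructed sample, and `mx.example.test` is a placeholder hostname. The `requiretls_mail_from` helper illustrates the contract RFC 8689 defines for the `REQUIRETLS` MAIL FROM parameter: a client may send it only after STARTTLS succeeded and only if the server advertised the extension.

```python
"""Probe whether a recipient's MX hosts will carry mail over STARTTLS (added example)."""
import smtplib
import ssl

# Constructed sample of an ESMTP EHLO reply, as a server would send it on the wire.
SAMPLE_EHLO_REPLY = (
    "250-mx.example.test Hello client\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)


def parse_ehlo_extensions(ehlo_reply: str) -> set[str]:
    """Return the upper-cased extension keywords from a raw multi-line EHLO reply.

    The first 250 line carries the server's greeting, so it is skipped; every
    following "250-KEYWORD ..." or "250 KEYWORD ..." line contributes KEYWORD.
    """
    extensions: set[str] = set()
    for line in ehlo_reply.splitlines()[1:]:
        line = line.strip()
        if not line.startswith("250"):
            continue  # not part of the success reply
        body = line[4:].strip()  # drop "250-" or "250 "
        if body:
            extensions.add(body.split()[0].upper())
    return extensions


def starttls_advertised(ehlo_reply: str) -> bool:
    """True when the server offers STARTTLS (RFC 3207) in its EHLO reply."""
    return "STARTTLS" in parse_ehlo_extensions(ehlo_reply)


def requiretls_mail_from(sender: str, extensions: set[str], tls_active: bool) -> str:
    """Build a MAIL FROM command carrying the RFC 8689 REQUIRETLS parameter.

    RFC 8689 only permits the parameter when the session is already under TLS
    and the server advertised REQUIRETLS; otherwise refuse rather than fall back
    to an opportunistic send.
    """
    if not tls_active:
        raise RuntimeError("REQUIRETLS may only be used after STARTTLS succeeded")
    if "REQUIRETLS" not in extensions:
        raise RuntimeError("server does not advertise REQUIRETLS; refusing to send")
    return f"MAIL FROM:<{sender}> REQUIRETLS"


def check_mx_starttls(mx_host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect to one MX host, EHLO, and attempt STARTTLS with certificate verification.

    Requires network access; the offline test exercises only the parsing helpers.
    """
    report = {"host": mx_host, "starttls_advertised": False, "tls_ok": False,
              "tls_version": None, "error": None}
    context = ssl.create_default_context()  # verifies chain and hostname
    try:
        with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if smtp.has_extn("starttls"):
                report["starttls_advertised"] = True
                smtp.starttls(context=context)
                report["tls_ok"] = True
                report["tls_version"] = smtp.sock.version()
                smtp.ehlo()  # RFC 3207: EHLO must be repeated after the handshake
    except (smtplib.SMTPException, OSError) as exc:  # ssl.SSLError is an OSError
        report["error"] = f"{type(exc).__name__}: {exc}"
    return report


def lookup_mx(domain: str) -> list[str]:
    """Return MX hostnames ordered by preference (assumes dnspython is installed)."""
    import dns.resolver  # third-party; imported lazily so the parsers run without it
    answers = dns.resolver.resolve(domain, "MX")
    return [str(r.exchange).rstrip(".")
            for r in sorted(answers, key=lambda r: r.preference)]


if __name__ == "__main__":
    import sys
    domain = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for mx in lookup_mx(domain):
        print(check_mx_starttls(mx))
```

A clean report (`starttls_advertised` and `tls_ok` both true, no error) means the first hop will be encrypted and the certificate verified against the MX hostname; it says nothing about hops beyond that MX, which is exactly the gap REQUIRETLS was written to close.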