Autodownload / autopublish keys from key-server?

Holmes Wilson's Avatar

Holmes Wilson

11 Jun, 2012 05:10 PM

Why can't I tell it to automatically search for / retrieve keys from the keyserver for any incoming messages it can't decrypt?

And shouldn't it automatically publish my key to the keyserver on installation?

  1. Support Staff 1 Posted by Steve on 12 Jun, 2012 11:46 AM

    Steve's Avatar

    Hey Holmes,

    this functionality is still missing and we are aware that this is a much requested feature. We will most likely implement it in a later version of GPGMail.

    All the best,
    steve

  2. 2 Posted by Holmes Wilson on 12 Jun, 2012 10:45 PM

    Holmes Wilson's Avatar

    Just made a big awesome donation, in lieu of a sloppy kiss.

    --Holmes

  3. Support Staff 3 Posted by Luke Le on 12 Jun, 2012 10:51 PM

    Luke Le's Avatar

    Hi Holmes,

    wow, thank you so much! We're having some very cool ideas for making exchanging keys as easy as possible in our pipeline and contributions such as yours will help making them happen!

    Thank you!

    If you're interested we'll put you on a list of people receiving pre-release versions of GPGMail for Mountain Lion, that's the least we can do.

  4. 4 Posted by Holmes Wilson on 12 Jun, 2012 11:24 PM

    Holmes Wilson's Avatar

    I'm gonna be super cautious about upgrading this time… I feel like my computer is still worse than it was when it had Snow Leopard. And new OS X released used to be like Christmas!

    Anyway, I had a marketing idea for you too.

    Let's make an awesome GPG landing page that detects platform and offers everyone an easy path to getting up and running. And then let's get all the GPG plugins / apps to (optionally, but by default) include some awesome, tested line in the signature.

    I'm really interested in mainstreaming privacy tools (making the OTR for email) and I think the work you guys are doing is totally the closest to this. So I'm excited to help in any way I can. This is my day job: http://fightforthefutu.re/ :)

    --Holmes

  5. Support Staff 5 Posted by Luke Le on 12 Jun, 2012 11:31 PM

    Luke Le's Avatar

    Hi Holmes,

    we should totally talk about this.
    It's our main goal to make privacy tools as easy as possible and we've started with completely re-imagining GPGMail 2.0 for Lion.
    It's still a long way to go and we'll have to find a way to finance the development in order to continue working on it and putting even more hours into it, but that's what we absolutely wanna do.

    I really like the idea of the GPG landing page and it would be very easy to implement. If we could bring the gpg.org owner on board, that'd be fantastic.

  6. 6 Posted by Holmes Wilson on 24 Jun, 2012 08:34 AM

    Holmes Wilson's Avatar

    Sorry for the slow reply.

    So the next step would be: landing page + "email signature" campaign?

    Tell me more about what you're thinking for GPGMail 2.0!

    --Holmes

  7. 7 Posted by karel.grootte on 25 Jun, 2012 09:36 AM

    karel.grootte's Avatar

    All,

    As to the first comment/feature request of Holmes, I would very much like to keep the possibility to NOT publish keys and to NOT automatically retrieve/upload/download/update keys.
    Lots of people I know think the same, as some do not want there (or not all of there) keys to be published.
    So, nice feature in itself, but please keep it optional or configurable.

    Karel

  8. Support Staff 8 Posted by Luke Le on 25 Jun, 2012 09:44 AM

    Luke Le's Avatar

    Hi Karel,

    there will always be an option to opt-out, but it will most likely be on by default to make it easier for new users to get started.

    But would you mind elaborating some of the reasons why you'd not want to have these feature "just work"?

  9. 9 Posted by karel.grootte on 25 Jun, 2012 09:58 AM

    karel.grootte's Avatar

    Hi Luke,

    Default could be tricky, as with installation you are asked to create a key. In that process give the user the chance to NOT upload that key (checkmark e.g.)
    Some reasons might be:

    • Sharing keys only within a limited group of people or within an organization. There is no need to share outside that group.
    • Uploading the keys to a public keyserver could give away essential information on users, emailaddresses, organisations, who you know, trust etc.
    • Some keys are for internal use only, to encrypt data e.g. Also no need to share that key. (Note, PGP is not only used to sign or encrypt emails.)

    Maybe it sounds paranoia, but then again, we use GPG because we are...
    Karel

  10. Support Staff 10 Posted by Luke Le on 25 Jun, 2012 10:05 AM

    Luke Le's Avatar

    It's true, if no key exists on installation a new key is proposed to be created
    which is later uploaded. That's based on our assumption that advanced or longtime gpg users already have a key and thus this option makes it easier for new users.
    Of course, that might not always make sense, and it makes sense to add a chance to prevent the key being uploaded automatically (I'd rather see it as a default-checked checkbox in the key creation dialog)

    The reasons you're mentioning are all perfectly valid and we'll be sure to take them into account. Thanks!

  11. Steve closed this discussion on 10 Jul, 2012 10:55 AM.

  12. Holmes Wilson re-opened this discussion on 09 Mar, 2013 04:46 AM

  13. 11 Posted by Holmes Wilson on 09 Mar, 2013 04:46 AM

    Holmes Wilson's Avatar

    Hey Luke--

    Following up on this. When I email somebody, why doesn't GPGtools automatically look up the key they are publishing to the key server and let me encrypt the messsage?

    Also, you guys should totally include a link in the signature to a page that tells people how to use GPG on their platform.

    --Holmes

  14. Support Staff 12 Posted by Steve on 28 Mar, 2013 04:08 PM

    Steve's Avatar

    We've a ticket for this now. Please subscribe to the ticket if you want to be notified of changes being made in regards to this issue:

    https://gpgtools.lighthouseapp.com/projects/65764/tickets/465-provi...

    I'm closing this discussion for overview purposes. Feel free to open a new discussions should you run into further problems or need assistance.

    Concerning the signature: You can always add a link to https://gpgtools.org

    Best, steve

  15. Steve closed this discussion on 11 Apr, 2013 11:41 PM.

  16. Steve closed this discussion on 19 Feb, 2014 02:45 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac