Reply to post: Re: identity and encryption

Thunderbird implements PGP crypto feature requested 21 years ago

DuncanLarge Silver badge

Re: identity and encryption

> will automatically be encrypted after the first email exchange.

That can be abused, also it won't be used as there are loads of email clients and you basically need this in all of them.

I use Signal on my mobile for sending SMS and if I even find someone in my contacts who uses Signal too I can send secure messages. However I doubt I will ever find another Signal user as everyone else is still using WhatsApp et al., who also implemented the Signal protocol. Now if only we could trust they implemented the Signal protocol properly and honestly, then we could have Signal and WhatsApp interoperate.

That would be great.

> Without the need for a third party key holder

There is no third party key holder in PGP. Well there isn't the NEED for one. Put your public key on your website, attach it to your unencrypted emails. Anything will do. The savvy users will then confirm your key is valid while more trusting users will simply TOFU. The key servers are useful only if the owner of the keys bothers to use them, which is probably a good idea as it allows key revocation.

> I do not like third party key holders

There aren't any, but yes I don't like them either. Keyservers are not key holders, well not how you think and they don't do any tracking (well they could track you based on browser fingerprint). What you are thinking of is key escrow, where you must give up your private key.

> I do not like any protocol with a "revoke"

Why? If my key has been compromised and I'm no longer in control of it then I most certainly want to tell anyone who is sending me encrypted stuff not to use that key. I also want to have those people know that the email I sent them could not have come from me as I revoked the key, so when "I'm" telling my stock broker to transfer all my shares to some guy in South Africa maybe they will think that it's probably best to not do that. Or maybe "I" send my solicitor who has never seen my face a scan of my driving license for proving ID on a house purchase.

Unfortunately no solicitor I looked at when I bought a house in 2012 used PGP/GPG so I had to send a colour scan of my ID documents IN THE CLEAR FFS. I seriously would have preferred to FAX it. Oh well, my risk to take. And no, no encrypted zips either, I only found out about that limitation while in the middle of exchanging contracts.

> Want to change your public key? Then change it. People you communicate with will get a big fat warning that something is wrong because the key has changed. That's as it should be!

That's how it is.
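
The trust decisions discussed in the comment above (TOFU on first contact, a warning when a correspondent's key changes, refusing a key its owner has revoked), as an added example that is not part of the original thread. The `KeyStore` class, its method names, the address and the fingerprints are constructed for illustration and do not model any particular mail client or OpenPGP library.

```python
from dataclasses import dataclass, field
from enum import Enum

class Verdict(Enum):
    PINNED_FIRST_USE = "first contact: key pinned on trust (TOFU)"
    VERIFIED = "matches a fingerprint the user confirmed out of band"
    MATCHES_PIN = "matches the key pinned on first use"
    KEY_CHANGED = "WARNING: key differs from the pinned one"
    REVOKED = "REJECT: key has been revoked by its owner"

@dataclass
class KeyStore:
    """Hypothetical per-client store: sender address -> pinned fingerprint."""
    pins: dict = field(default_factory=dict)
    verified: set = field(default_factory=set)  # (sender, fpr) confirmed out of band
    revoked: set = field(default_factory=set)   # fingerprints with a revocation seen

    def mark_verified(self, sender, fpr):
        # The "savvy user" path: fingerprint checked against website, phone call, etc.
        self.pins[sender] = fpr
        self.verified.add((sender, fpr))

    def import_revocation(self, fpr):  # e.g. learned from a keyserver
        self.revoked.add(fpr)

    def check(self, sender, fpr):
        # Revocation wins over everything, including an earlier pin.
        if fpr in self.revoked:
            return Verdict.REVOKED
        pinned = self.pins.get(sender)
        if pinned is None:
            self.pins[sender] = fpr
            return Verdict.PINNED_FIRST_USE
        if pinned != fpr:
            # Never re-pin silently: the user has to decide what the change means.
            return Verdict.KEY_CHANGED
        if (sender, fpr) in self.verified:
            return Verdict.VERIFIED
        return Verdict.MATCHES_PIN

def demo():
    # Constructed sample data: one sender, an old key and a replacement key.
    store, who, old, new = KeyStore(), "alice@example.org", "AAAA1111", "BBBB2222"
    results = [store.check(who, old), store.check(who, old), store.check(who, new)]
    store.import_revocation(old)
    return results + [store.check(who, old)]

if __name__ == "__main__":
    print("\n".join(v.value for v in demo()))
```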
