← Back to team overview

ubuntu-phone team mailing list archive

Re: [feature request/question] Encrypted email/sms support?

 

On Thu, 2013-07-18 at 20:26 +0200, Rasmus Eneman wrote:
> >If you're going to handle key creation and exchange invisibly, what
> use is GPG?
> Because we would want that infrastructure for the email anyways.

I think his point is that the strength of GPG is in it's trust model. We
can handle key creation and exchange invisibly, and provide an encrypted
session. But, we should make the interface clear that the recipient is
not verified, and provide instructions on how to verify the recipient's
key (and then sign it).

> We trust the phone number as SIM cards isn't clone-able.

Even if that is true, how are you going to send the phone number over
the internet in a way which I couldn't just replace with a fake number?
Basically, that's not going to work.

> If not we should notice the user, explain why this could happen and
> ask him or her if the new key is trusted.

Ignore the phone number approach, but this is what should happen if a
new key is detected. It again needs to be clear that the new key needs
to go through verification as before.

Attachment: signature.asc
Description: This is a digitally signed message part


Follow ups

References