[Differential] [Commented On] D3140: Add formatters for application/pgp-keys and application/vnd.gnupg.wks body parts

bjoernbalazs (Bjoern Balazs) noreply at phabricator.kde.org
Thu Oct 27 11:37:48 BST 2016 

bjoernbalazs added a comment.


  Ok, I think I get the idea.
  
  We have two workflows:
  
  [1] Uploading your public key
  =============================
  
  I suggest to create the workflow like this:
  
  - User does not uncheck the publish public key checkbox during set-up
  - Mail with request to publish the key gets sent to the server and is automatically deleted on the users computer
  - Server responds with am encrypted mail:
    - This is an automatically generated mail needed to securely publish your public key. Please open it with the mail client you used to create your mail encryption keys. Do not delete or answer to this mail.
    - Some cryptic stuff goes here to securely identify everything
      - (This is just needed in case the user opens the mail with some other client.)
  - When KMail opens this mail and can decrypt it, it answers automatically to the mail, deletes both, this mail and the answer.
    - It is important to reduce the needed user interaction as much as possible, because we loose a lot of users with each of these steps!
  - When the server gets the mail it publishes the new public key and sends a mail to the user saying:
    - Thank you for publishing your public key. It is now much easier for other people to confidentially share information with you. Learn more about how to protect your privacy at www....
    - Overview of key and email address
    - This is an automatically generated mail. Please do not answer to it.
  
  DONE :)
  
  [2] Importing public keys
  =========================
  
  When a mail is viewed that contains a public key, we would like the user to store this key locally. So we need to prompt him to do this, as we cannot do this automatically. Technically the key simply is an attachment and should be handled as such. It might be wise to put some effort into how attachments are displayed to fulfil the additional needs of attached public keys (tbd).
  To get the user to update the locally stored keys, I would like to first automatically check if the attached public key equals the public key in Kleo. If it does the user does not need to be informed.
  In case there is a difference, I would like to raise a dialogue to point the user to this new key. The reasoning behind this is the fact that it will not happen very often that you get a new public key and at the same time it is important to store / update this key locally asap. This is reason enough to interrupt the user. If we don't do it, it will be very hard to point the user to the needed actions. 
  This dialogue should offer the possibilities to:
  
  - replace the key
  - add the new key
  - don't add the new key
  - never add this new key
  - never show this dialogue again (possibly only in the settings)
  
  What do you think?

REPOSITORY
  rKDEPIMADDONS KDE PIM Addons

REVISION DETAIL
  https://phabricator.kde.org/D3140

EMAIL PREFERENCES
  https://phabricator.kde.org/settings/panel/emailpreferences/

To: dvratil, aheinecke, mlaurent, bjoernbalazs
Cc: knauss, emanuel, mlaurent, kde-pim, #kde_pim, spencerb, dvasin, winterz, vkrause, dvratil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20161027/507b2126/attachment.html>

More information about the kde-pim mailing list