| 1 |
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or un-expected send a response and request a signed confirmation] |
| 2 |
|
| 3 |
> On 28 Dec 2015, at 16:07, Kristian Fiskerstrand <k_f@g.o> wrote: |
| 4 |
> |
| 5 |
> |
| 6 |
|
| 7 |
> The main issue is key storage, though. For signatures you can use a dedicated signing subkey, however you get in problem with encrypted emails as mobile devices are not really secure devices and should never have cryptographic material. What could work in this case is a NFC (or for that matter bluetooth, although it needs to be properly paired etc etc) channel with a separate device with a separate keychain and display so you can verify the request, and never |
| 8 |
|
| 9 |
This should read pinentry, the existence of a keyring is implicit to the use case.. |
| 10 |
|
| 11 |
> actually expose private key material to the cellphone. |
| 12 |
> |
| 13 |
> In the mean time I just include the notice whenever I don't sign, at least some people notice it and gives it another thought. |
Archives