18 10 | 2012

An email header field to indicate you would like encrypted replies

Written by Tanguy

Classified in : Homepage, Debian

A letter with a wax seal

As you may know, when Phil Zimmermann published PGP, his goal was to counter the wide spying possibilities the development of electronic communications offered to the authorities, by promoting the general use of encryption so that 1. governments would not be able to restrict it afterwards and 2. it becomes possible to encrypt messages for privacy without drawing suspicion.

Now, cryptography has made its way and is widely use, but mostly for commercial website and only sparsely for mail. Indeed, contrary to signing, encrypting a message requires that the recipient has a crypto key and is able and willing to use it to decrypt your message.

To alleviate this problem, I thought that it would be useful to have a way, when sending a message, to tell your recipients that you would like that they encrypt their answers, because you are able and willing to get encrypted mail. I think the most relevant way to do that would be by adding a dedicated header field:

In that header, one would be able to indicate what protocols he accepts. I suggest a comma-separated list, with the following possible values: PGP (or PGP/MIME and PGP/traditional for people that only accept one of these two PGP formats), S/MIME. For instance:

It may be useful to be able to indicate that you either always wish your messages to be encrypted, or that it is only for this message's replies. If this is really relevant, it would take two distinct headers: and .

Any thought about that proposal? Next thing to do, determine how to have that standardized at IANA and how to promote it.

12 05 | 2012

Signing-party and crypto conference in Paris

Written by Tanguy

Classified in : Homepage, Debian

Statue of Saint Peter holding the heaven's key

Monday 21st during at 18:45, in Paris, there will be a conference organized by Parinux, where I will explain the principles of cryptography and their application in the SSL and PGP systems. This conference will be followed at 20:30 by a signing-party PGP et CAcert.

For the signing-party, I will ask participants to:

  1. generate a key pair if you do not already have one;
  2. send me you public key and register;
  3. print some copies of your key fingerprint;
  4. print the list of participants I will send you;
  5. come with all that stuff and one or two identity documents.

This is a partial translation of the full article I wrote in French, in case foreigners could attend. Sorry for the very late notice…