Mailcow-dockerized: [Feature] Add support for Web Key Service

Created on 5 Jul 2019 · 8 Comments · Source: mailcow/mailcow-dockerized

WKS is a way to publish GnuPG public keys by storing them on the mailserver (instead of using public keyservers, which are deprecated).

If user [email protected] sends you a gpg signed message, your MUA (mail client) can automatically look up the public key of this user on https://example.org/.well-known/openpgpkey/hu/... and verify the signature. If you need to send an encrypted message to [email protected], your MUA can automatically find the public key of [email protected] the same way. Enigmail, KMail, Outlook and Mailvelope already support this.

For this to work, the owner of the account [email protected] should send his public key by email to [email protected], then reply to the confirmation message. This may also be done automatically by his mail client (Enigmail, KMail and Outlook already support this).

Finally, this needs WKS to be installed on the server. This page describes the installation steps: https://wiki.gnupg.org/WKS.

Would it be possible to add a WKS container to mailcow-dockerized, that implements this service?

enhancement

All 8 comments

There is no traction for GPG. At least not for email, there never was. This is something that less than 1% will ever use. S/MIME is much better, less convoluted, cleaner, and leaves nothing to do server side.

> There is no traction for GPG. At least not for email, there never was. This is something that less than 1% will ever use. S/MIME is much better, less convoluted, cleaner, and leaves nothing to do server side.

Is this your opinion or something else?

@dashohoxha both, my opinion, and my perception of what I have been seeing for many years. Don't read what I wrote with a bad tone, I simply believe something like this will bloat the cow with something that isn't a mail server duty to do.

As a sign of good will, I will remove my thumbs down.

I do not like the 10+ years old fight "smime vs gpg" here.
It's just derailing. And it feels like _"don't support outlook/applemail but only thunderbird setup"_.
There is no reason not to support both and leave the choice to users (and their mail receivers).

> Don't read what I wrote with a bad tone, I simply believe something like this will bloat the cow with something that isn't a mail server duty to do.

It can be optional (if possible).

> As a sign of good will, I will remove my thumbs down.

Please also add a thumbs up.

> I do not like the 10+ years old fight "smime vs gpg" here.

I think that gpg supports smime too, but this is not relevant to this topic.

It should be noted that WKS is merely one way to automate the creation of a Web Key Directory (which is ultimately just a collection of keys in a .well-known directory on a webserver). WKD could be implemented in Mailcow without WKS at all.

Even just allowing users to upload a public PGP key in the user control panel could work, and might be simpler. Although you'd still need to verify that the key only contains addresses on @example.com that the user is authorized to receive mail at.
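To make the two points above concrete, here is an added example (not mailcow code, and not from anyone in this thread) of what a WKD lookup path looks like and what the user-ID check on an uploaded key would have to do. It follows the GnuPG WKD draft (SHA-1 of the lowercased local part, z-base-32 encoded, served under `.well-known/openpgpkey`) and assumes the user IDs have already been extracted from the uploaded key with gpg's tooling and that the list of addresses the user may receive mail at comes from the mailbox database; all inputs below are constructed.

```python
import hashlib
import re

# z-base-32 alphabet used by the WKD draft for the hashed local part
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32 (most significant bits first, 5 bits per char)."""
    nchars = (len(data) * 8 + 4) // 5
    bits = int.from_bytes(data, "big") << (nchars * 5 - len(data) * 8)
    return "".join(ZBASE32_ALPHABET[(bits >> (5 * (nchars - 1 - i))) & 31]
                   for i in range(nchars))


def wkd_hashed_local_part(address: str) -> str:
    """SHA-1 of the lowercased local part, z-base-32 encoded (32 chars)."""
    local_part = address.rsplit("@", 1)[0].lower()
    return zbase32_encode(hashlib.sha1(local_part.encode("utf-8")).digest())


def wkd_urls(address: str) -> dict:
    """The 'advanced' and 'direct' method URLs a WKD client tries, in that order."""
    local_part, domain = address.rsplit("@", 1)
    domain = domain.lower()
    hashed = wkd_hashed_local_part(address)
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                    f"{domain}/hu/{hashed}?l={local_part}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hashed}?l={local_part}",
    }


_UID_MAIL = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>")


def check_key_uids(uids, domain, authorized):
    """Reject a key whose user IDs name any address outside this server's domain
    or any address the uploader is not authorized for. Returns (ok, problems)."""
    allowed = {a.lower() for a in authorized}
    problems = []
    for uid in uids:
        m = _UID_MAIL.search(uid)
        if not m:
            problems.append(f"no address in user ID: {uid!r}")
            continue
        addr = m.group(1).lower()
        if addr.rsplit("@", 1)[1] != domain.lower():
            problems.append(f"foreign domain: {addr}")
        elif addr not in allowed:
            problems.append(f"not authorized for: {addr}")
    return (not problems, problems)
```

Serving the key under the `direct` path is the variant that needs nothing beyond a static file on the mail domain's web server, which is the WKD-without-WKS option mentioned above.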

There's also a seemingly mighty email solution for OpenBSD, called caesonia.
It seems to have WKS support, so it might be a helpful reference.

Clean PRs are welcome.
