On Mon, Mar 14, 2016 at 01:18:33PM -0700, Doug Barton wrote: > In this scenario the PGP community has long (and I mean, for 20 years or so) > advised to ring the person and confirm their key fingerprint (and by > extension preferred e-mail address) over the phone. I don't see any reason > why the existence of a DNS mechanism would change that advice. Because opportunistic encryption won't happen under that requirement. While not all encryption of email will be opportunistic, it seems to me that part of the motivation for this experiment is to enable opportunistic encryption of email sent to people you'll never meet in person or necessarily be able to contact by means other than email. The way that PGP has been used for 20 years has not resulted in broad adoption of PGP. This experiment may well not do much better, (cue Phillip and mathematical mesh which could be what it takes to make real progress, but too early to tell), but it seems to me that it is definitely intended to facilitate encrypted first contact. -- Viktor.