#Lacre project is looking for #infosec advice.
It's a Postfix #Mail Transfer Agent plugin capable of encrypting email with a user-supplied public OpenPGP key. Right now we're solving the problem of a key no longer being accessible by its user.
The process is:
1. The user provides a key.
2. They are asked to confirm it (mail with a link).
3. The key is imported into the keyring.
At this point, any cleartext message will be encrypted with the user's key before being appended to their inbox.
The problem is: what if the user loses their passphrase or private key? They need a way to reset the key, but the confirmation mail is encrypted with the old key.
Our current idea is to encrypt the reset confirmation request with the new key, so Lacre doesn't encrypt it with the old one, at the same time letting us verify that the user can use the new key.
Does it sound like a reasonable idea? Does it have any downsides we haven't noticed? Any hints?
Please boost!
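
The reset flow described in the post, modelled as an added example (not Lacre's code). All names are hypothetical; `encrypt_to()` is a stand-in that only records which key would be used, and the hashed, expiring, single-use token is an assumption the post does not specify.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600  # assumed validity window in seconds

class KeyResetFlow:
    """Toy model of the reset flow; no real OpenPGP operations happen here."""

    def __init__(self):
        self.active = {}    # address -> fingerprint of the confirmed key
        self.pending = {}   # address -> (new fingerprint, token hash, expiry)

    def encrypt_to(self, fingerprint, body):
        # Stand-in for OpenPGP encryption: records the recipient key only.
        return {"encrypted_to": fingerprint, "body": body}

    def deliver(self, address, body):
        # Ordinary mail keeps using the confirmed key until a reset completes.
        return self.encrypt_to(self.active[address], body)

    def request_reset(self, address, new_fpr, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[address] = (new_fpr, digest, now + TOKEN_TTL)
        # The confirmation is encrypted to the NEW key only, so reading the
        # token shows the requester can decrypt with that key.
        return self.encrypt_to(new_fpr, f"confirm-token:{token}")

    def confirm(self, address, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(address)
        if entry is None:
            return False
        new_fpr, digest, expiry = entry
        if now > expiry:
            del self.pending[address]      # expired request is dropped
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, digest):
            return False                   # wrong token leaves request pending
        del self.pending[address]          # token is single use
        self.active[address] = new_fpr     # swap keys only after confirmation
        return True
```

In this model the old key stays active for all other mail until the token comes back, so an unconfirmed or abandoned reset request changes nothing for the mailbox.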