by dane-pgp 1753 days ago
> you have to use it in your existing email client, and then you have to download keys, and then there’s this whole third issue of making sure they’re the right keys.

If you use Thunderbird as your email client, then it will download the right keys for you automatically.[0]

Actually it's two clicks to use the WKD support to download the key (assuming your correspondent's email provider supports that, as ProtonMail does[1]) or the keys are already downloaded if they are included as an attachment or as a header (which is the case if your correspondent is using a client that supports Autocrypt[2]).

As with other E2E encrypted systems, you should check these keys(' fingerprints) out of band, otherwise your security only follows the TOFU model, but this is still a huge improvement over non-PGP email and doesn't require any special understanding of cryptography.

[0] https://support.mozilla.org/en-US/kb/openpgp-thunderbird-how...

[1] https://protonmail.com/blog/security-updates-2019/

[2] https://autocrypt.org/

1 comments

Wait, wait, wait. ProtonMail only supports WKD lookups for desktop. I've had an open request for years to their support team to implement WKD lookups on mobile. As ProtonMail is the only PGP email provider with any mass traction, at this point it's just a middle finger to people who prefer to control their own self-hosted mail servers.

I can't expect any PM user is going to be able to send me PGP encrypted mail when many emails start from a mobile device.

I was curious about this problem, and found that the pull request for "Implement WKD" (in the web app) was merged[0] in December 2019, and there is a bug report[1] from October 2020 complaining that the Android app can't look up (some) WKD keys. That bug was last updated in November 2020 and is still open.

[0] https://github.com/ProtonMail/proton-contacts/pull/338

[1] https://github.com/ProtonMail/proton-mail-android/issues/44