Re: message encryption with SMTP

It appears that Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> said:
>You don't even need an SMTP extension to do that, you just need an SMTP 
>server that can be configured to refuse or bounce mail that isn't signed 
>and/or encrypted.
>
>The missing piece is a public key+cert discovery mechanism.  This can 
>also be added to SMTP.
>
>Then you need mail user agents that query recipients' SMTP servers to 
>find the recipient's public keys+certs, and verify the keys used to sign 
>the certs as being trusted.

People have been reinventing this idea for about 30 years now.  We have
S/MIME, which works pretty well in non-web MUAs if you can get an S/MIME
key, which you generally can't unless you work for an organization with
a signing key.

We have various ways to wrap mail messages with PGP signatures and
encryption, a fairly well understood PGP key server scheme, and RFC
7929 which says how to publish PGP keys in the DNS.

One aspect these all share is that, within rounding error, nobody
uses them.  I don't see any reason to think that yet another version
of basically the same thing would turn out any differently.

R's,
John

PS: For "query recipients' SMTP servers", there are reasons
that nobody supports the SMTP VRFY and EXPN commands any more.



