Eliot Lear <lear@xxxxxxxxx> writes: > On 9/23/15 9:00 PM, John R Levine wrote: >> I should have been clearer, the assertion is "this is my user's key". >> >>> Let's focus on the case where it's completely false, yet it's still >>> reasonable to trust the domain to publish the right MX records. I'm not >>> seeing that case at all, so I'd appreciate some help. >> >> A straightforward example is that the mail system, through malice or >> outside pressure, does an MITM attack on users who have their own >> keys, so it publishes a key it controls and re-encrypts mail on the >> way through to the user's own key. An outsider who had the old key >> might notice that the key changed, or if he didn't have the old key, >> probably not. >> > > The good news is that this should be observable by the user. That is, > he should be able to query the domain for his own public key and > compare. The user can't detect it reliably, I believe, at least not until we have something like a Certificate Transparency project for DNSSEC data. /Simon
Attachment:
signature.asc
Description: PGP signature