Re: Why are mail servers not also key servers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/20/2017 11:35 AM, Viktor Dukhovni wrote:
On Thu, Apr 20, 2017 at 07:01:05PM +0200, Jon wrote:

This is why I think smtp should be extended. All your mail agents
support (E)SMTP and presumably they would all support an extension to
smtp. The private keys will need to be stored some how to allow for
multiple clients, but a key generated from user input could be used to
decrypt a stored copy of the private key.

A major problems with all E2E email encryption proposals is unrelated
to key distribution, none of the extant MUAs provide an adequate
interface for E2E encrypted email.

       + Encrypted email is not searchable.

Sure it is, by the recipient MUA, else the user could not read their email. It would not be searchable by a 3rd party - which is the point of encryption.

       + Encrypted email is difficult to scan for spam and malware

The scan would have to take place in the MUA. Firewall scanners would fail, as they do now with S/MIME or encrypted PGP.

       + Changing the private key can mean loss of access to email
	encrypted under the old key.

Only if you throw away old keys. Doctor, Doctor, it hurts when I do this. - So Do not do that :-)

       + Signatures stop verifying when the signature key expires,
	even though they were valid at the the email was received.

Again, do not throw away the old keys. An MUA should not allow a user to throw away any key needed for any message still in the store. Yep - complex.

....

--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer@xxxxxxxxx
714-989-6135

<<attachment: smime.p7s>>


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]