Re: Why are mail servers not also key servers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I just wanted to second the draft-bhjl-x509-srv approach as preferable as opposed to a new SMTP extension.  That draft calls for transport of the certificate request and response to be over HTTPS.  As HTTPS is based on Web PKI and generally has more up-to-date crypto (due to the ecosystem) that traffic will stay private.  SMTP uses STARTTLS which has stripping problems, and its PKI is worse off.  There's a lot of self signed certs there making certificate path validation problematic.  Just my two cents.

-Wei

On Thu, Apr 20, 2017 at 1:54 PM, John Levine <johnl@xxxxxxxxx> wrote:
In article <FC831208-97A3-4F1B-A37C-F8646C3FB208@xxxxxxxxx> you write:
>> SMTP servers could be key servers without having the private key of
>> individuals?
>
>Sure. If they double as HTTPS servers.

As others have noted, this topic has come up more than a few times before.

Here's a recent draft we wrote for a simple per domain https key
server, based almost entirely on existing standards.  It distributes
public keys.  Managing your private keys on all of your MUAs remains
as intractable a problem as it's always been.

https://datatracker.ietf.org/doc/draft-bhjl-x509-srv/

R's,
John


<<attachment: smime.p7s>>


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]