> On 15 Jul 2017, at 1:36, Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote:
>
>
> Yoav Nir <ynir.ietf@xxxxxxxxx> wrote:
>> This is part of a wider issue. Even without delegation, if I use my own
>> email account with several MUAs (say, my laptop and my phone), where is
>> the private key stored? Is it shared between laptop and phone?
>
> I think that simple delegation would be a better tool to delegate email
> access from my desktop to my phone and/or laptop. That way the server
> knows it's an ancillary device, it could be revoked easier, and a more
> suspicious profile could be applied by servers. Google has tried to
> do this with the "App passwords", but my understanding is that they are still
> not restricted to specific apps. Just additional passwords that have
> most access, but not password resetting access.
>
> OpenPGP format permits a (public) key blob to contain many signing (sub)keys,
> and so distributing a public key with a set of subkeys where the private
> keys are stored into laptops and phones, etc. would work.
>
>> You end up reading encrypted mail only using one MUA, which is one more
>> thing dragging the use of S/Mime down.
>
> Agreed; I'm not sure if PKIX has a subkey concept. I suspect it's in a
> standard, but I'm unclear if it was ever deployed.

That works OK for signatures, but for encryption? You’d have to encrypt the message with each subkey. Yeah, I know only the symmetric key gets encrypted but it’s still ugly. And we haven’t even mentioned the web MUA and where it stores the private keys.
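The point above, that only the symmetric session key is encrypted to each subkey, as an added Go example that is not from this thread or from any OpenPGP implementation: the body is sealed once under a fresh session key, and that key is wrapped once per device public key, which is the role OpenPGP's per-recipient PKESK packets play. X25519 with AES-GCM stands in for OpenPGP's real packet format, the SHA-256 key derivation is a deliberate toy, and every name here (NewDeviceKey, Encrypt, Decrypt) is assumed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// NewDeviceKey makes one X25519 encryption subkey; each device (laptop, phone) keeps its own private half.
func NewDeviceKey() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }
// Every AES key below is used for exactly one message, so a fixed nonce is safe here (never with a long-lived key).
var nonce = make([]byte, 12)
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func seal(key, pt []byte) []byte { return gcm(key).Seal(nil, nonce, pt, nil) }
func open(key, ct []byte) ([]byte, error) { return gcm(key).Open(nil, nonce, ct, nil) }
// kek is a toy KDF (SHA-256 of the X25519 shared secret); real code would use HKDF.
func kek(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte {
	h := sha256.Sum256(must(priv.ECDH(pub)))
	return h[:]
}
// Encrypt encrypts the message ONCE under a fresh session key, then wraps that key once per device subkey (one PKESK per key).
func Encrypt(msg []byte, devices map[string]*ecdh.PublicKey) (body []byte, wrapped map[string][]byte) {
	sk := make([]byte, 32)
	must(rand.Read(sk))
	wrapped = map[string][]byte{}
	for name, pub := range devices {
		eph := NewDeviceKey() // fresh ephemeral key per recipient subkey
		wrapped[name] = append(eph.PublicKey().Bytes(), seal(kek(eph, pub), sk)...) // ephPub || wrapped sk
	}
	return seal(sk, msg), wrapped // body size does not depend on the device count
}
// Decrypt unwraps this device's copy only; a leaked phone key never exposes the laptop's, and a revoked subkey is just left out of future sets.
func Decrypt(body, w []byte, priv *ecdh.PrivateKey) ([]byte, error) {
	if len(w) < 32 {
		return nil, errors.New("no session key wrapped for this device")
	}
	sk, err := open(kek(priv, must(ecdh.X25519().NewPublicKey(w[:32]))), w[32:])
	if err != nil {
		return nil, err
	}
	return open(sk, body)
}
```

Each extra device costs 80 bytes of wrapped key, not a second copy of the body; that per-subkey packet is the overhead the reply above calls ugly.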