Yoav Nir <ynir.ietf@xxxxxxxxx> wrote:
>> OpenPGP format permits a (public) key blob to contain many signing
>> (sub)keys, and so distributing a public key with a set of subkeys
>> where the private keys are stored into laptops and phones, etc. would
>> work.

>>> You end up reading encrypted mail only using one MUA, which is one
>>> more thing dragging the use of S/MIME down.

>> Agreed; I'm not sure if PKIX has a subkey concept. I suspect it's in
>> a standard, but I'm unclear if it was ever deployed.

> That works OK for signatures, but for encryption? You’d have to
> encrypt the message with each subkey. Yeah, I know only the symmetric
> key gets encrypted but it’s still ugly.

I'm pretty sure that the spec already says to do that.

> And we haven’t even mentioned the web MUA and where it stores the
> private keys.

There are existing S/MIME and PGP plugins and extensions for browsers that
do this. I'm aware of one that has received significant commercial success
in some quarters. I think that they can use the JavaScript local storage
for private keys, but I suspect that they also have options to store them
encrypted elsewhere.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-