Re: Need for secured email delegation workflow

Yoav Nir <ynir.ietf@xxxxxxxxx> wrote:
    >> OpenPGP format permits a (public) key blob to contain many signing
    >> (sub)keys, and so distributing a public key with a set of subkeys
    >> where the private keys are stored into laptops and phones, etc. would
    >> work.

    >>> You end up reading encrypted mail only using one MUA, which is one
    >>> more thing dragging the use of S/MIME down.

    >> Agreed; I'm not sure if PKIX has a subkey concept.  I suspect it's in
    >> a standard, but I'm unclear if it was ever deployed.

    > That works OK for signatures, but for encryption?  You’d have to
    > encrypt the message with each subkey.  Yeah, I know only the symmetric
    > key gets encrypted but it’s still ugly.

I'm pretty sure that the spec already says to do that.

    > And we haven’t even mentioned the web MUA and where it stores the
    > private keys.

There are existing S/MIME and PGP plugins and extensions for browsers that do
this.  I'm aware of one that has received significant commercial success in
some quarters.  I think that they can use the JavaScript local storage for
private keys, but I suspect that they also have options to store them
encrypted elsewhere.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@xxxxxxxxxxxx  http://www.sandelman.ca/        |   ruby on rails    [



--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
 -= IPv6 IoT consulting =-


