ietf-mailsig

RE: draft-delany-domainkeys-base-02.txt

2005-03-30 10:06:51


[mailto:owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Andrew Newton

On Mar 29, 2005, at 9:54 PM, Sam Hartman wrote:
In general I don't think you will find security people in the IETF are
willing to support a scheme in which a single key is given to a large
number of parties.  So, yes, I think portable keys (by which I mean a
key that a mail composer can take with them) will tend to be per-user.

I'm not a security person, but this makes total sense.  The risks with
one shared key seem to be obvious.

A signature private key should ideally be in exactly one physical
location unless it is used to realize a trust axiom. 

The rules for encryption keys and certificate signing keys are very
different but for EE signature keys I would try to avoid duplication of
the private key information. 

  Personally, relegating remote users to some other domain seems unacceptable.

I agree.

It depends on who you are. For VeriSign or BizyBank to make that
requirement is a no-brainer. If it does not come from the official mail
servers it should not be trusted. 

For MIT to make that requirement would be something else entirely. But
MIT is not currently the target of a phishing type attack, and even if it
were, someone who puts trust in an email from an MIT undergraduate is
taking an interesting security decision.


        Phill

