A certificate repository is, at best, relaying *stale* information it
got from somewhere else. Only the MUA actually knows what keys are held
by the user at any given moment. So why have a middleman?
Convenience? Convenient access to the MUA's knowledge can be had
without a central repository. Why else?
I'm sorry, this makes no sense. How is my MUA supposed to know about the
key of someone from whom I have not yet received a message? Based on the
arguments I've seen, the main point of a key lookup service is to enable
opportunistic encryption on the first message.
Also, your assertion that the cert repository is likely to be stale makes
a bunch of assumptions that were reasonable in the 1990s but not now.
For example, vast numbers of people primarily use web mail, so the MTA and
MUA are the same, they're both attached to the web server, so the
repository sees the same certs the users do. (We know why this model has
all sorts of security problems, but half a billion web mail users aren't
going away.)
And in domains that are authorities for their users, e.g., businesses that
provide accounts to their employees, the domain's repository is accurate
by definition, and there's an argument that repository checks can detect
some kinds of mail forgery.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime