Behalf Of John Levine
Sent: Wednesday, October 16, 2013 2:24 PM
Subject: Re: [ietf-smtp] Request for discussion of Mandatory Secure Mail
Delivery proposal (draft-wchuang-msmd)
I agree, and if adopted and deployed, it will require user
education and careful consideration during deployment not to overstate
what this does.
Given how complex this proposal is, I'm wondering whether it wouldn't be
better to do something entirely within the channel, e.g., whole message
encryption using DKIM keys. It would accomplish pretty much the same
thing, while requiring much less of intermediate mail systems.
Presumably you are referring to using the destination domain DKIM keys to
encrypt (please correct me if I am wrong). This may work well at the domain
level (I'm assuming alignment) but there may be operational issues when the
receiving MTA is different from the domain's sending (signing) servers. I think
using DKIM is certainly worth examining. During the DKIM working group
discussions we had discussed the possibility of leveraging it beyond the
initial intended purpose.
ietf-smtp mailing list