
Re: [ietf-smtp] DKIM encryption, was Request for discussion

2013-10-16 19:31:51
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <20131016194513(_dot_)37800(_dot_)qmail(_at_)joyce(_dot_)lan>, John Levine <johnl(_at_)taugh(_dot_)com> writes:

> Sender fetches TXT _encrypt._domainkey.recipient.com.  If it exists,
> it uses the p= public key to encrypt the whole message,

erk ... you don't generally wish to use public keys on whole messages,
the planet is getting pretty warm already -- there are practical reasons
why existing schemes involve encrypting with a stream cipher with a
randomly chosen session key and then just using the public key system
for transmitting the session key.  This also allows you to disclose just
the session key under some levels of legal duress -- keeping your main
key secret.

> This gets close to end to end encryption, without a lot of new
> mechanism.

there are already schemes for putting keys into DNS -- here's a write-up
[there may be better discussions, this was just the first substantive
discussion that my searching threw up] that covers three schemes (and
which points at RFCs where they exist)

        http://gushi.livejournal.com/524199.html

Now I understand that there's more than just encryption to the proposal
(in particular the way that out of the box PGP doesn't hide Subject
header fields surprises many people), but staying closer to existing
proposals rather than trying to add this onto DKIM seems wiser.

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBUl8vk+INNVchEYfiEQKYAACfZrg6lE/zo+LIHCxP7DGMroDuta4AoMxa
YfJmiKnpe1uSq7tInjvsI7Ek
=uOAM
-----END PGP SIGNATURE-----
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
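The hybrid construction Clayton is pointing at, as an added example (not code from either poster, the list, or any DKIM implementation): the recipient's RSA key is published in a TXT record using DKIM's own p= encoding (base64 of an SPKI DER key), the sender draws a random 32-byte session key, encrypts the whole message under that key, and uses the public key only to wrap the session key. Handing over `sessionKey` alone decrypts that one message and nothing else. Assumptions: the DNS lookup is replaced by a record constructed in `main`; AES-256-GCM (an AEAD) stands in for the stream cipher in the text; the session key is wrapped with RSA-OAEP; the OAEP label string and all function names are this example's own.

```go
// Added example of hybrid encryption with a DKIM-style public key record.
// Not from the ietf-smtp thread; record layout and names are assumptions.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Envelope is what would travel in the mail: the session key wrapped under the
// recipient's RSA key, plus the AEAD nonce and the ciphertext of the whole message.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(sessionKey)
	Nonce      []byte // AES-GCM nonce, 12 bytes
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

// oaepLabel binds the wrapped key to this use. Hypothetical, not from any spec.
var oaepLabel = []byte("_encrypt._domainkey session key")

// parseTagList splits a DKIM-style "tag=value; tag=value" record into a map.
func parseTagList(txt string) map[string]string {
	tags := map[string]string{}
	for _, field := range strings.Split(txt, ";") {
		kv := strings.SplitN(strings.TrimSpace(field), "=", 2)
		if len(kv) == 2 {
			tags[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	return tags
}

// publicKeyFromTXT extracts the RSA key from a record's p= tag (base64 SPKI DER,
// the encoding DKIM uses). An empty p= is treated as "no usable key", as in DKIM.
func publicKeyFromTXT(txt string) (*rsa.PublicKey, error) {
	p := parseTagList(txt)["p"]
	if p == "" {
		return nil, errors.New("record has no usable p= key")
	}
	der, err := base64.StdEncoding.DecodeString(p)
	if err != nil {
		return nil, fmt.Errorf("p= is not valid base64: %w", err)
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return nil, err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("p= is not an RSA key")
	}
	return rsaPub, nil
}

// txtRecordFor renders a public key as the TXT record a recipient would publish.
func txtRecordFor(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	return "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der), nil
}

// sealMessage draws a random session key, runs the AEAD over the whole message,
// and applies the public key only to the 32-byte session key. The session key is
// returned so the sender can retain it separately from the long-term key.
func sealMessage(pub *rsa.PublicKey, message []byte) (Envelope, []byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Envelope{}, nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return Envelope{}, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return Envelope{}, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return Envelope{}, nil, err
	}
	env := Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, message, nil)}
	return env, key, nil
}

// unwrapSessionKey is the only step that needs the recipient's private key.
func unwrapSessionKey(priv *rsa.PrivateKey, env Envelope) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, oaepLabel)
}

// openMessage needs only the session key: disclosing that key opens this one
// message while the long-term private key stays secret.
func openMessage(sessionKey []byte, env Envelope) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	txt, _ := txtRecordFor(&priv.PublicKey) // constructed record standing in for the DNS lookup
	pub, _ := publicKeyFromTXT(txt)
	env, _, _ := sealMessage(pub, []byte("Subject: hidden\r\n\r\nbody"))
	key, _ := unwrapSessionKey(priv, env)
	plain, _ := openMessage(key, env)
	fmt.Printf("%s\n", plain)
}
```

Because the AEAD covers the whole serialized message, the Subject header line is encrypted along with the body, which is the gap in out-of-the-box PGP that the message above mentions. Tampering with `Ciphertext` makes `openMessage` fail rather than return garbage.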
