Sender fetches TXT _encrypt._domainkey.recipient.com. If it exists,
it uses the p= public key to encrypt the whole message,
erk ... you don't generally wish to use public keys on whole messages,
the planet is getting pretty warm already -- there are practical reasons
why existing schemes involve encrypting with a stream cipher with a
randomly chosen session key and then just using the public key system
for transmitting the session key.
Seems it'd be easy enough to put a band-aid on that. The outgoing MTA
generates a random key for a block cipher, and the
application/dkim-encrypted is the session key encrypted under the public
key, followed by the message encrypted under the session key, perhaps with
some intervening random crud since the beginning of a message is often a
known plaintext.
I don't purport to know enough crypto to design something secure, but I
gather this is similar to what PGP does.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
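
The layout sketched in the message above, written out as an added example; it is not code from the thread or from any specification. RSA-OAEP, AES-256-GCM, the function names and the exact byte layout (wrapped session key, then a random 12-byte nonce, then the encrypted message) are assumptions, and `NewRecipientKey` is a hypothetical stand-in for the key pair behind the `p=` record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Seal returns RSA-OAEP(session key) || nonce || AES-256-GCM(msg); algorithms are assumed.
func Seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	buf := make([]byte, 32+12) // fresh random session key and nonce per message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return gcm.Seal(append(wrapped, buf[32:]...), buf[32:], msg, nil), nil
}

// Open unwraps the session key, then authenticates and decrypts the body.
func Open(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	n := priv.Size() // the wrapped key is always as long as the RSA modulus
	if len(blob) < n+12 {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob[:n], nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("session key unwrap failed")
	}
	block, _ := aes.NewCipher(key) // cannot fail: length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, blob[n:n+12], blob[n+12:], nil)
}

// NewRecipientKey stands in for the key pair behind the published p= record.
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	priv, _ := NewRecipientKey()
	blob, _ := Seal(&priv.PublicKey, []byte("constructed sample message\r\n"))
	pt, err := Open(priv, blob)
	fmt.Printf("%d-byte blob -> %q, err=%v\n", len(blob), pt, err)
}
```

The public-key operation touches only the 32-byte session key, so its cost does not grow with message size, and a modified blob fails in `Open` instead of decrypting to altered text.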