[Top] [All Lists]

Re: [ietf-smtp] DKIM encryption, was Request for discussion

2013-10-17 14:51:46
On Thu, 17 Oct 2013, Rolf E. Sonneveld wrote:
There might be a potential 'conflict' however between a) the original idea of Wei, where the end-user can request from within his _MUA_ for a secure transport and b) the way DKIM operates, in general between boundary MTA's of sending ADMD and receiving ADMD. For example: the MUA can check for the existence of public keys in the domain of the intended recipient, but it doesn't know whether the MSA or his ADMD-boundary MTA and/or the receiving ADMD boundary MTA will support the requested level of security.

I think that most end users won't understand what the various levels of security mean. Nor should they. Those that do are probably able to perform some checks themselves, should security really matter to the email they want to send. In which case they'll probably conclude that they need end-to-end encryption and switch to something like PGP.

What I like about this idea is that it makes email traffic more secure for everyone, but does so entirely behind the scenes. Kind of like DKIM signs emails, without bothering the end-user, who probably has a different idea of 'signing' anyway, with telling them about it.

As for the trustworthiness of the receiving domain publishing its key: here we might benefit from the work of the repute workgroup: a better reputation might indicate (or might be interpreted) as more trustworthiness. However, it is far too simplistic to say 'trustworthiness=reputation'.

I think trustwhorthiness is pretty hard to quantify here and in many cases will include subjective assertions, or things that only become known after the fact. Also, given that this proposal only claims to protect the transaction up to the recipient's mail server, I don't think it should pretend it can say anything about what happens afterwards.


PS happy to help write/test/comment if and when needed.

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>