Re: [ietf-smtp] DKIM encryption, was Request for discussion
2013-10-17 14:51:46
On Thu, 17 Oct 2013, Rolf E. Sonneveld wrote:
There might be a potential 'conflict' however between a) the original idea of
Wei, where the end-user can request from within his _MUA_ for a secure
transport and b) the way DKIM operates, in general between boundary MTA's of
sending ADMD and receiving ADMD. For example: the MUA can check for the
existence of public keys in the domain of the intended recipient, but it
doesn't know whether the MSA or his ADMD-boundary MTA and/or the receiving
ADMD boundary MTA will support the requested level of security.
I think that most end users won't understand what the various levels of
security mean. Nor should they. Those that do are probably able to perform
some checks themselves, should security really matter to the email they
want to send. In which case they'll probably conclude that they need
end-to-end encryption and switch to something like PGP.
What I like about this idea is that it makes email traffic more secure for
everyone, but does so entirely behind the scenes. Kind of like DKIM signs
emails, without bothering the end-user, who probably has a different idea
of 'signing' anyway, with telling them about it.
As for the trustworthiness of the receiving domain publishing its key: here
we might benefit from the work of the repute workgroup: a better reputation
might indicate (or might be interpreted) as more trustworthiness. However, it
is far too simplistic to say 'trustworthiness=reputation'.
I think trustwhorthiness is pretty hard to quantify here and in many cases
will include subjective assertions, or things that only become known after
the fact. Also, given that this proposal only claims to protect the
transaction up to the recipient's mail server, I don't think it should
pretend it can say anything about what happens afterwards.
Martijn.
PS happy to help write/test/comment if and when needed.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, (continued)
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Russ Allbery
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Martijn Grooten
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Murray S. Kucherawy
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Steve Atkins
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, John Levine
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Rolf E. Sonneveld
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, John Levine
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Rolf E. Sonneveld
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Dave Crocker
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Rolf E. Sonneveld
- Re: [ietf-smtp] DKIM encryption, was Request for discussion,
Martijn Grooten <=
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Richard Clayton
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, SM
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, John C Klensin
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Wei Chuang
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Wei Chuang
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, John Levine
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for discussion, Wei Chuang
|
|
|