For encrypted mail, this is clearly right. For signed mail, it's not
unreasonable
but it's also less clear. The whole issue of binding real world identities
to e-
mail addresses is a swamp, not one that I think we are any better at draining
than anyone else. For PGP, there's the web of trust which is supposed to
help you decide whether a key matches a person, but doesn't really say
anything about the e-mail addresses attached to the key. For S/MIME the
CA does what it does, which these days is rarely any more than a challenge
message to the e-mail address.
So I mostly agree with you, with the caveat that you have to be careful not to
misinterpret assurances about an e-mail address as assurances about the
person or entity allegedly associated with that address.
What I loved about SPKI/SDSI was the idea of namespaces and namespace chaining.
"The key that Alice nicknamed 'Bob's key'" is unambiguous and implementable.
Once I've named a key, a computer can track that name across multiple different
identifiers effortlessly. Once I tell the computer that *this specific key*
represents "Alice from the Home Office," Alice can use any address--indeed, any
protocol that allows her to sign messages--and my computer can tell me it's
Alice from the Home Office.
No complex web of trust, no CAs. If I were implementing, I'd be straight up
stealing this.
Yes, a priori discovery in a morass of SPKI/SDSI certificates is a right royal
PITA, but you can't have everything. But then again, maybe we don't actually
have that problem. It's all in how you think about the issue.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp