ietf-smtp

Re: [ietf-smtp] New Mailing List to discuss email canonicalization?

2016-04-25 03:36:14
On 23/04/2016 03:15, Peter Bowen wrote:
> Imagine you run a large mailbox provider (e.g. Gmail, Hotmail, Yahoo
> mail, Fastmail, etc) and you want to create managed keys and
> certificates for every user.  Most of your users exclusively use
> webmail, so they don't have a traditional MUA.  You also support local
> part canonicalization using an algorithm (e.g. remove all periods and
> downcase).
>
> Now you want to enable people to discover the right certificate when
> sending mail to your users and validate certificates when receiving
> mail from your users.  What do you do?

Hang on - step back a minute...

'you want to create managed keys and certificates for every user.'

Doesn't this mean that the user has just thrown away any chance of security?

'I want to encrypt my emails, so I'll just let a company I have no control over generate a "private" key for me'...

Again, this seems to come back to giving people the illusion of security rather than true security.

Ignoring that huge problem, then why does the user not simply choose the form of the email address they want to use (fred.bloggs, FredBloggs etc) and tell you that, then you generate a certificate which matches? Then, hey presto, the FROM address matches the certificate. Seems simple to me.




_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
