ietf-smtp

Re: [ietf-smtp] New Mailing List to discuss email canonicalization?

2016-04-25 11:27:38
> 'you want to create managed keys and certificates for every user.'
>
> Doesn't this mean that the user has just thrown away any chance of security?
>
> 'I want to encrypt my emails, so I'll just let a company I have no
> control over generate a "private" key for me'...

Not necessarily.  It entirely depends on the relationship between the
user and the MTA operator.  If the users are employees of the
operator, it's entirely reasonable for the operator to control the
certs.  Even if the operator is someone like gmail, users might
reasonably decide that a system that lets Google continue to read
their mail while making it harder for random outsiders to do so is an
improvement over what they had before.


> Ignoring that huge problem, then why does the user not simply choose the
> form of the email address they want to use (fred.bloggs, FredBloggs etc)
> and tell you that, then you generate a certificate which matches. Then,
> hey presto, the FROM address matches the certificate. Seems simple to me.

Agreed.  And for external parties wanting to find your users' keys,
you run the key lookup server, so you can apply whatever your
local-part equivalence rules are.

R's,
John

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
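
Added example, not part of the message above or of the list archive: a sketch of an operator-run key lookup server that applies its own per-domain local-part equivalence rules, returns the address form the user chose for the certificate, and refuses to enroll a second address equivalent to one that already holds a key. The rule functions, class name, domains and fingerprints are hypothetical and constructed for illustration.

```python
from typing import Callable, Dict, Optional, Tuple

Rule = Callable[[str], str]

def fold_case_and_dots(local: str) -> str:
    """Hypothetical operator rule: FredBloggs is the same mailbox as fred.bloggs."""
    return local.replace(".", "").lower()

def exact(local: str) -> str:
    """Hypothetical operator rule: local-parts are compared exactly as written."""
    return local

class KeyLookupServer:
    def __init__(self, rules: Dict[str, Rule]):
        self.rules = rules  # domain -> local-part equivalence rule
        # canonical (local, domain) -> (address form in the certificate, fingerprint)
        self.keys: Dict[Tuple[str, str], Tuple[str, str]] = {}

    def _mailbox(self, address: str) -> Tuple[str, str]:
        local, at, domain = address.rpartition("@")
        if not at or not local or not domain:
            raise ValueError(f"not an address: {address!r}")
        domain = domain.lower()  # domain names are case-insensitive
        if domain not in self.rules:
            raise KeyError(f"not a domain this server answers for: {domain}")
        return self.rules[domain](local), domain

    def enroll(self, chosen_address: str, fingerprint: str) -> None:
        """Bind a key to the address form the user chose, once per mailbox."""
        box = self._mailbox(chosen_address)
        if box in self.keys:
            # Two "different" addresses that the MTA delivers to one mailbox
            # must not end up with two different keys.
            raise ValueError(f"{chosen_address} is equivalent to {self.keys[box][0]}")
        self.keys[box] = (chosen_address, fingerprint)

    def lookup(self, address: str) -> Optional[Tuple[str, str]]:
        """External callers pass the address as they saw it; only we canonicalize."""
        return self.keys.get(self._mailbox(address))

def demo() -> KeyLookupServer:
    # Constructed sample data: two domains with different equivalence rules.
    srv = KeyLookupServer({"example.com": fold_case_and_dots, "example.org": exact})
    srv.enroll("Fred.Bloggs@example.com", "FP-CONSTRUCTED-01")
    srv.enroll("fred@example.org", "FP-CONSTRUCTED-02")
    return srv
```

The lookup result carries the certificate's address form, so a client can compare it with the From address it received.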
