ietf-smtp

Re: [ietf-smtp] New Mailing List to discuss email canonicalization?

2016-04-25 13:17:20
'you want to create managed keys and certificates for every user.'

Doesn't this mean that the user has just thrown away any chance of security?

'I want to encrypt my emails, so I'll just let a company I have no
control over generate a "private" key for me'...

Not necessarily.  It entirely depends on the relationship between the
user and the MTA operator.  If the users are employees of the
operator, it's entirely reasonable for the operator to control the
certs.  Even if the operator is someone like gmail, users might
reasonably decide that a system that lets Google continue to read
their mail while making it harder for random outsiders to do so is an
improvement over what they had before.

It's also conceivable that a company would offer users the ability to upload
their public key to the repository.

Ignoring that huge problem, then why does the user not simply choose the
form of the email address they want to use (fred.bloggs, FredBloggs etc)
and tell you that, then you generate a certificate which matches. Then,
hey presto, the FROM address matches the certificate. Seems simple to me.

Agreed.  And for external parties wanting to find your users' keys,
you run the key lookup server, so you can apply whatever your
local-part equivalence rules are.

I generally agree, but I want to point out that while equivalence to
a canonical address with an associated key is sufficient to solve this problem,
it isn't necessary: Strictly speaking all that's necessary is a mapping from
address to key. And there are a myriad of ways to accomplish that, some
of which don't involve a canonical address.

For example, in our implementation the mapping would be from an address to an
LDAP entry that contains the key, which might or might not also have an
associated canonical address.

                                Ned

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
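As an added illustration (not code from the thread, nor from Ned's or anyone else's implementation), the following Python sketches the two resolution strategies being contrasted above: a key-lookup server that folds incoming address forms to a canonical address with its own local-part equivalence rules, and a directory that maps each accepted address form straight to an entry holding the key, with no canonical address required. The directory, the addresses and the key strings are constructed placeholders; the equivalence rules (case folding, dot-insensitivity, stripping a `+tag`) are one assumed site's policy, and the lookup only applies them to the domain it serves, since the local part is opaque to everyone except the receiving domain.

```python
"""Two ways to resolve an e-mail address to an encryption key.

Added example for the ietf-smtp discussion; not an implementation from
the thread. Keys are constructed placeholder strings, not certificates.
"""

SERVED_DOMAIN = "example.com"  # assumption: the lookup server speaks for this domain only

# Constructed sample directory (standing in for LDAP entries).  Each entry
# carries a key; only some carry a canonical address.
DIRECTORY = {
    "uid=fred": {"key": "KEY-FRED", "canonical": "fred.bloggs@example.com"},
    "uid=alice": {"key": "KEY-ALICE"},  # no canonical address recorded
}


def split_address(address: str):
    """Split 'local@domain' into (local, domain), both as given."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    return local, domain


def normalize_local_part(address: str) -> str:
    """Apply one assumed site's equivalence rules to produce the canonical
    form: lower-case, drop a '+tag', ignore dots in the local part.
    Only the receiving domain may legitimately do this."""
    local, domain = split_address(address)
    local = local.lower().split("+", 1)[0].replace(".", "")
    return f"{local}@{domain.lower()}"


# Approach 1: canonical address -> key.  The server owns the rules, so it
# canonicalizes whatever form an outside party asks about.
CANONICAL_KEYS = {normalize_local_part("fred.bloggs@example.com"): "KEY-FRED"}


def lookup_by_canonical(address: str):
    """Return the key for any address form equivalent to a canonical one,
    or None.  Refuses domains this server does not serve, because applying
    our equivalence rules to someone else's local parts would be a guess."""
    _, domain = split_address(address)
    if domain.lower() != SERVED_DOMAIN:
        return None
    return CANONICAL_KEYS.get(normalize_local_part(address))


# Approach 2: each accepted address form -> directory entry.  No canonical
# address is needed; an unknown form simply has no mapping.
ADDRESS_TO_ENTRY = {
    "fred.bloggs@example.com": "uid=fred",
    "fredbloggs@example.com": "uid=fred",
    "alice@example.com": "uid=alice",
    "alice.smith@example.com": "uid=alice",
}


def lookup_by_mapping(address: str):
    """Return the key from the directory entry an address form maps to,
    or None if that exact form was never registered."""
    local, domain = split_address(address)
    if domain.lower() != SERVED_DOMAIN:
        return None
    entry = ADDRESS_TO_ENTRY.get(f"{local.lower()}@{domain.lower()}")
    return DIRECTORY[entry]["key"] if entry else None


if __name__ == "__main__":
    for probe in ("Fred.Bloggs+work@example.com", "alicesmith@example.com",
                  "alice.smith@example.com", "fred@other.example"):
        print(probe, lookup_by_canonical(probe), lookup_by_mapping(probe))
```

The difference shows on an unregistered form such as `alicesmith@example.com`: the canonical approach would accept it if Alice had a canonical entry, because the rules decide equivalence; the mapping approach returns nothing, because equivalence there is exactly the set of forms that were explicitly registered to the entry.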
