> It's also conceivable that a company would offer users the ability to upload
> their public key to the repository.
True, although if it's web mail you're going to need some impressively
complex Javascript to arrange so that the user can read the mail but the
provider can't.
It's a nasty problem even if you're willing to settle for possibly
exposing the message but not the private key.
And even if you're willing to expose the private key to the webmail system,
there's the interesting issue of how to set things up so your mobile
client shares the same key.
>> you run the key lookup server, so you can apply whatever your
>> local-part equivalence rules are.
>
> I generally agree, but I want to point out that while equivalence to
> a canonical address with an associated key is sufficient to solve this
problem,
> it isn't necessary:
Oh, of course, sorry if that wasn't clear. You need a mapping from the
address to the key, not to a canonical anything.
In our software having a canonical address for all the addresses associated
with an LDAP entry is optional, and may in fact be disallowed.
Ned
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp