On Wed 12/May/2021 18:46:08 +0200 Dave Crocker wrote:
> On 5/12/2021 9:31 AM, Valdis Klētnieks wrote:
>> Right. Your MX publishes a public key to which it has the corresponding
>> private key.

It doesn't have to. The mail-based update protocol for wkd[*], for example, is
designed to keep the secret key secret.

>> This is well understood technology - see any company that intercepts
>> https:// and re-encrypts the user-side traffic using their own keys.
>
> or DKIM.

Neither case provides for end-to-end crypto. (Hm... possibly except DKIM for
postmaster to postmaster communication, deploying the binary key as OpenGPG.
Not an alluring technique.)

Best
Ale
--
[*]
https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service#section-4