ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-smtp] Public Key Look Up

2021-05-12 12:04:28
from [Alessandro Vesely] [Permanent Link] 
On Wed 12/May/2021 18:25:00 +0200 John R Levine wrote:

On Tue, 11 May 2021, John C Klensin wrote:

I'm not clear why a domain's MX would be the wrong place. ..,


Well, if the keys were signed by entities I trusted, I wouldn't
be worried about what "authoritative source" means.
Indeed.  But if the keys include signatures, it doesn't matter where they come from, so we're back to asking why nobody seems to use the key servers that already exist.
Some people has been using those key servers. However, they're vulnerable to pgp-poisoning attacks[*]. 


Best
Ale
--

[*] https://github.com/skeeto/pgp-poisoner











_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-smtp] Public Key Look Up, Alessandro Vesely
Next by Date:  Re: [ietf-smtp] Public Key Look Up, John C Klensin
Previous by Thread:  Re: [ietf-smtp] Public Key Look Up, John R Levine
Next by Thread:  Re: [ietf-smtp] Public Key Look Up, John C Klensin
Indexes:  [Date] [Thread] [Top] [All Lists]