On Wed 12/May/2021 18:25:00 +0200 John R Levine wrote:
On Tue, 11 May 2021, John C Klensin wrote:
I'm not clear why a domain's MX would be the wrong place. ..,
Well, if the keys were signed by entities I trusted, I wouldn't
be worried about what "authoritative source" means.
Indeed. But if the keys include signatures, it doesn't matter where they come
from, so we're back to asking why nobody seems to use the key servers that
already exist.
Some people has been using those key servers. However, they're vulnerable to
pgp-poisoning attacks[*].
Best
Ale
--
[*] https://github.com/skeeto/pgp-poisoner
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp