It appears that John C Klensin <john-ietf(_at_)jck(_dot_)com> said:
Matthias,
I found this very helpful ... and quite consistent with my
experience and predictions from very different contexts. I
think we need to be aware of the tempting target presented by an
organizational server that holds and manages private keys but,
in the grand scheme of things, that may be less problematic and
risky than, e.g., hop by hop encryption with messages in clear
on poorly protected relay boxes.
Agreed, it's a nice summary.
I have noted there is currently no way to get a single S/MIME certificate
without paying an unreasonable amount of money. A few CAs used to issue them
for free, but no more. Some sort of LE for S/MIME would be much more likely to
make a difference than yet another kind of rarely available key server.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp