Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey
2015-09-23 12:44:29
> I also think you have higher trust in dnssec-validated keys than a key
> that you get from a key server without a trust path to some key you
> trust.

Not really. The only credible assertion a self-signature like DNSSEC can
make is "this is me." But in this case it's "this is my user" which is
not the same thing. Unless you know something about the relationship
between the domain and its mail users, that might be anywhere from
completely true to completely false.

If it's false, it doesn't have to be false for malicious reasons. If I
ran a webmail service, call it GooHoo, I'd publish keys for all my users.
Why not? The opportunistic encryption keeps random strangers from
snooping on incoming mail, webmail pretty much requires that the mail
service handle the encryption (there are plugins, but I've never found one
that was at all usable), and I can continue to enhance the experience of
my webmail users by displaying relevant ads from our trusted marketing
partners.

Also, it seems to me that most of the complaints about key servers could
be fixed by improving the key servers, without having to change the
existing pgp clients that use them.

R's,
John