
Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-23 13:15:52
Of course it does. I can upload a new and stronger key with keyid
johnl(_at_)taugh(_dot_)com to the keyservers and now you cannot read any
email people send you that is automatically encrypted to a key you don't
own. You can't trust the keyservers for the binding between keyid and
email address.

I understand the argument for better keyservers, e.g., you have to
click on a URL in a message encrypted to the key before they publish
it.  I don't understand the argument to replace it with something else
with a whole new bunch of security and other issues.

R's,
John
