On Feb 19, 2016, at 8:57 AM, Paul Wouters <paul(_at_)nohats(_dot_)ca> wrote:
It can be used where otherwise a message would go out unencrypted.
I think this is the *crucial* point. Just as DANE seems to be a good
fit for authenticating opportunistic TLS in SMTP, implementation details
aside (this draft, vs. addrquery, ...) it also seems like a good fit for
authenticating "opportunistic PGP" if I a may be so bold as to coin a new
term.
One resorts to finding keys via DNS for better than nothing content encryption
of communication with the unwashed masses. For communication with a covert
whistle-blower one probably wants a greater level of assurance.
The PGP web of trust does not scale to ad-hoc contact with strangers, this
draft and its alternatives are to a great extent attempts to fill that gap
by providing keys for opportunistic end-to-end email encryption. Encrypt
what you can, send the rest in the clear.
In some cases, the authenticity of keys obtained via DNS-authenticated
online queries may be verifiable out of band (call the correspondent by
phone or meet them in person and check the fingerprint, ...), then one
might use this and related drafts for key acquisition, with follow-up
verification as and when appropriate.
There is no one-size-fits-all security model for end-to-end encryption.
Neither PGP nor S/MIME dictate a single security model, except by virtue
of lack of extant alternatives.
--
Viktor.