Hi All,
I'm not sure if this is a topic which has already come up or not (I did
a simple search brought nothing up).
Anyway, the state of email security is still pretty poor despite much
low hanging fruit. PGP is great for those that use
it, but they are a small group. TLS seems to be the only wide spread
security implementation and I suspect that it has worked because it's
transparent to the end users. So, why hasn't key exchange been made to
be transparent? Why are (E)SMTP servers not also key servers? Have users
generate a key pair on registration, store those keys on the server (in
an encrypted archive), and make the public key available. A little
coding later and we've got key exchange and message confidentiality.
Some extra security can be had by giving mail servers their own keys
with which they can sign exchanges (and remember each other). TLS can be
used to as part of an initial key exchange if that is desired. Can
we not extend smtp again to include the necessary key exchange commands?
Is there any movement on this?
Jon