ietf

Re: Why are mail servers not also key servers?

2017-04-20 09:22:58
On Thu, 20 Apr 2017, Jon wrote:

> Why are (E)SMTP servers not also key servers?

You will find a history of that discussion in the dane archives.

Basically, it is the equivalent to the domain's DNS servers acting as
key servers, except that:

- SMTP is often blocked cross-domain, eg by ISPs, hotspot operators, etc
- SMTP failure cannot be distinguished from SMTP attacks, whereas DNSSEC
  based published keys (eg OPENPGPKEY and SMIMEA) can be detected when
  blocked (DNSSEC returns bogus or indeterminate results)
- Using public DNS to publish keys allows for a level of indirection,
  making targeted attacks much harder to do.

> generate a key pair on registration, store those keys on the server (in
> an encrypted archive), and make the public key available. A little
> coding later and we've got key exchange and message confidentiality.

> SMTP servers could be key servers without having the private key of
> individuals?

> Some extra security can be had by giving mail servers their own keys
> with which they can sign exchanges (and remember each other). TLS can be
> used as part of an initial key exchange if that is desired. Can
> we not extend smtp again to include the necessary key exchange commands?

I believe there was a draft that tried to do something like this.

Paul
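An added example, not part of Paul's or Jon's messages, illustrating the DNS-based alternative Paul refers to. It derives the owner names under which OPENPGPKEY (RFC 7929) and SMIMEA (RFC 8162) records are published, and it shows why the DNSSEC validation state matters for his second point: a validating resolver reports a signed record as secure, bogus or indeterminate, so a blocked or tampered lookup is distinguishable from a genuinely absent key, which a failed SMTP connection is not. The owner-name derivation (SHA-256 of the local-part, truncated to 28 octets, hex-encoded, under `_openpgpkey` or `_smimecert`) is the one those RFCs specify; the `DnssecState` names and the `key_lookup_policy` function are this example's own construction and no network lookup is performed.

```python
"""Added example: DANE-style key publication names and a fail-closed
DNSSEC policy. Not from the original thread; the policy function and
status names are hypothetical, the owner-name derivation follows
RFC 7929 (OPENPGPKEY) and RFC 8162 (SMIMEA)."""
import hashlib
from enum import Enum
from typing import Optional, Tuple


def _split_email(email: str) -> Tuple[str, str]:
    # Exactly one '@'; the domain is case-insensitive, the local-part is not.
    if email.count("@") != 1:
        raise ValueError("expected exactly one '@' in email address")
    local_part, domain = email.rsplit("@", 1)
    return local_part, domain.lower().rstrip(".")


def _hashed_local_part(local_part: str) -> str:
    # RFC 7929 / RFC 8162: SHA2-256 over the local-part, truncated to
    # 28 octets and written as 56 lowercase hex characters. Case and
    # address-variant handling is the publisher's concern (RFC 7929
    # section 4); this example hashes the local-part exactly as given.
    return hashlib.sha256(local_part.encode("utf-8")).digest()[:28].hex()


def openpgpkey_owner(email: str) -> str:
    """Owner name of the OPENPGPKEY record for an address."""
    local_part, domain = _split_email(email)
    return f"{_hashed_local_part(local_part)}._openpgpkey.{domain}"


def smimea_owner(email: str) -> str:
    """Owner name of the SMIMEA record for an address."""
    local_part, domain = _split_email(email)
    return f"{_hashed_local_part(local_part)}._smimecert.{domain}"


class DnssecState(Enum):
    """Validation outcome as reported by a validating resolver (names
    chosen for this example)."""
    SECURE = "secure"                # chain validated: answer is authentic
    INSECURE = "insecure"            # zone unsigned: no tamper detection
    BOGUS = "bogus"                  # validation failed: tampering, blocking or misconfig
    INDETERMINATE = "indeterminate"  # validator could not reach a decision


def key_lookup_policy(state: DnssecState, rdata: Optional[bytes]) -> Tuple[str, Optional[bytes]]:
    """Decide what to do with a key lookup result. Returns
    ("use", key), ("none", None) or ("fail", None).

    The point from the thread: with DNSSEC a blocked or altered answer
    surfaces as BOGUS/INDETERMINATE and can be failed closed, whereas a
    plain SMTP connection failure looks the same as an attack."""
    if state is DnssecState.SECURE:
        # An authenticated NXDOMAIN/NODATA (NSEC/NSEC3) is proof there is no key.
        return ("use", rdata) if rdata is not None else ("none", None)
    if state is DnssecState.INSECURE:
        # Unsigned zone: a key found here could have been substituted in transit.
        return ("none", None)
    # BOGUS or INDETERMINATE: treat as interference, do not fall back silently.
    return ("fail", None)


if __name__ == "__main__":
    # Constructed sample address; no record is actually queried.
    print(openpgpkey_owner("hugh@example.com"))
    print(key_lookup_policy(DnssecState.BOGUS, b"constructed-rdata"))
```

In practice the owner name returned by `openpgpkey_owner` is what a mail client or MTA would query with a validating resolver (for instance `dig +dnssec OPENPGPKEY <owner>`), and the AD flag or SERVFAIL it gets back maps onto the states above.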