On Thu, Apr 20, 2017 at 03:23:42PM +0000, Viktor Dukhovni wrote:
This was all covered in the discussion of draft-moore-email-addrquery.
(Perhaps on the UTA rather than DANE list? I don't recall)
My take at the time was (and remains) that queries for the recipient's
public key can be tunneled through the user's MSA, thereby avoiding
the issue of inability to reach port 25 from consumer end-device
IP space. That discussion unfortunately appears to have worn-out
the draft author.
I still think that draft is worth pursuing, if one is willing to
not set the bar too high. The reason we have so little security
is sometimes (often?) because we're unwilling to accept less than
"perfect" security. It is not unreasonable to trust the MSA to be
a trusted proxy for remote keys. After all, in that model the same
MSA/MTA operator is trusted to vend your keys to others.
The link to DNSSEC could be this:
- the client should learn via DNSSEC that the user's MSA supports this
- the user's MSA should learn via DNSSEC that the target domain (and
any MTAs on the way there) supports this feature.