Re: Why are mail servers not also key servers?

On 04/20/2017 11:35 AM, Viktor Dukhovni wrote:
> On Thu, Apr 20, 2017 at 07:01:05PM +0200, Jon wrote:
>
> > This is why I think smtp should be extended. All your mail agents
> > support (E)SMTP and presumably they would all support an extension to
> > smtp. The private keys will need to be stored some how to allow for
> > multiple clients, but a key generated from user input could be used to
> > decrypt a stored copy of the private key.
> A major problems with all E2E email encryption proposals is unrelated
> to key distribution, none of the extant MUAs provide an adequate
> interface for E2E encrypted email.
>
>        + Encrypted email is not searchable.
Sure it is, by the recipient MUA, else the user could not read their 
email. It would not be searchable by a 3rd party - which is the point of 
encryption.
>        + Encrypted email is difficult to scan for spam and malware
The scan would have to take place in the MUA. Firewall scanners would 
fail, as they do now with S/MIME or encrypted PGP.
>        + Changing the private key can mean loss of access to email
>         encrypted under the old key.
Only if you throw away old keys. Doctor, Doctor, it hurts when I do 
this. - So Do not do that :-)
>        + Signatures stop verifying when the signature key expires,
>         even though they were valid at the the email was received.
Again, do not throw away the old keys. An MUA should not allow a user to 
throw away any key needed for any message still in the store. Yep - complex.
> ....
--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135

smime.p7s
Description: S/MIME Cryptographic Signature