ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Why are mail servers not also key servers?

2017-04-20 14:10:59
from [Doug Royer] [Permanent Link] 
On 04/20/2017 12:53 PM, Viktor Dukhovni wrote:
>
>>> A major problems with all E2E email encryption proposals is unrelated
>>> to key distribution, none of the extant MUAs provide an adequate
>>> interface for E2E encrypted email.
>>>        + Encrypted email is not searchable.
>>
>> Sure it is, by the recipient MUA, else the user could not read their email. >> It would not be searchable by a 3rd party - which is the point of encryption. 
>
> Which MUAs index content of encrypted messages? How does this work for clients 
> that store only a cache of recent messages, or webmail?
That is an implementation detail. If the MUA wants to see the message, it can, if it can't, its not an MUA.
Storing the message in a cache is orthogonal to if it is encrypted. I can cache the encrypted message, cache it after its decrypted, or not cache it at all.
Webmail does not work with encrypted email. Never will until you give your private key to some unknown email-web-server implementation and that systems unknown administrator. Not something the IETF should be recommending. 

>>>        + Encrypted email is difficult to scan for spam and malware
>>
>> The scan would have to take place in the MUA. Firewall scanners would fail, 
>> as they do now with S/MIME or encrypted PGP.
>
> Endpoint scans are often not nearly as effective.
No change to the current operation of encrypted email. The entire point of encrypted email is so that no one (including the server) can see the contents of encrypted email. 

If your ISP holds your private key, then you have no privacy in your email.

>>>        + Changing the private key can mean loss of access to email
>>>    encrypted under the old key.
>>
>> Only if you throw away old keys. Doctor, Doctor, it hurts when I do this. 
>> - So Do not do that :-)
>
> The mocking tone is entirely out of place. Not all MUAs support multiple recipient 
> keys.
That is an implementation detail, not a protocol detail. If you want to see old email, don't throw away the key to that email. 

>>>        + Signatures stop verifying when the signature key expires,
>>>    even though they were valid at the the email was received.
>>
>> Again, do not throw away the old keys. An MUA should not allow a user to throw away 
>> any key needed for any message still in the store. Yep - complex.
>
> Should not is not the same as do not. My point is and remains that E2E encryption > of email is not usable with today's MUAs, progress on some of the issues is both 
> difficult and unlikely.
I use E2E almost every day. Works fine. Update the MUA your using. If you do not want to update your MUA, then, your making the decision for things to not work. Its not a protocol issue.
A Web-clients MUA have a problem, because you would have to store the private key in the email-web-server. I would not do that, so I will not use an MUA that allows my private key to be given to another server, managed by some unknown person. They have that problem now - no change. Not fixable, unless you give away your private key. And again, not something the IETF should be recommending. 


--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Why are mail servers not also key servers?, Viktor Dukhovni
Next by Date:  Re: Why are mail servers not also key servers?, Nico Williams
Previous by Thread:  Re: Why are mail servers not also key servers?, Viktor Dukhovni
Next by Thread:  Re: Why are mail servers not also key servers?, Nico Williams
Indexes:  [Date] [Thread] [Top] [All Lists]