ietf

Re: Why are mail servers not also key servers?

2017-04-20 14:51:07
> On 21 Apr. 2017 3:57 am, "Doug Royer" <douglasroyer(_at_)gmail(_dot_)com> wrote:
>
> On 04/20/2017 11:35 AM, Viktor Dukhovni wrote:
>
> On Thu, Apr 20, 2017 at 07:01:05PM +0200, Jon wrote:
>
>        + Changing the private key can mean loss of access to email
>         encrypted under the old key.
>
> Only if you throw away old keys. Doctor, Doctor, it hurts when I do this. -
> So do not do that :-)
>
>        + Signatures stop verifying when the signature key expires,
>         even though they were valid at the time the email was received.
>
> Again, do not throw away the old keys. An MUA should not allow a user to
> throw away any key needed for any message still in the store. Yep - complex.



... And re-import every old key when you switch to a new MUA. Sounds like
fun to enforce.

Cheers
-- 
Matthew Kerwin