ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Why are mail servers not also key servers?

2017-04-20 22:35:57
from [Doug Royer] [Permanent Link] 
On 04/20/2017 05:40 PM, Paul Wouters wrote:

On Thu, 20 Apr 2017, Rui Costa wrote:
So, can someone point me to some URL/documentation/https://mailarchive.ietf.org/arch/msg/ietf/xyz explaining the point on having keys/cryptography somewhere in between these 2 end points? (And thus i guess i'm saying i don't understand cryptography's point on scenarios other than what i think people have called on these threads "E2E".) 

I want to send you an encrypted email. I need your key. I can send a
plaintext email asking you for the key. I have to hope that it really
reached you and that it is you who gave me the key and that the key
was not modified in transport.
You send me a signed email from a mutually trusted source. I now have your public key, because you can extract it from the signed S/MIME email. (I am guessing you can do this with PGP.)
I can now send you an encrypted email, and it includes my public key, so you can decrypt it.
There are free email cert companies. This email is signed by one (unless the list server strips them out like it used to). Your MUA now knows my public key. 

--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Why are mail servers not also key servers?, John Levine
Next by Date:  Re: Why are mail servers not also key servers?, Doug Royer
Previous by Thread:  RE: Why are mail servers not also key servers?, Paul Wouters
Next by Thread:  Re: Why are mail servers not also key servers?, Philip Homburg
Indexes:  [Date] [Thread] [Top] [All Lists]