On 04/21/2017 07:35 AM, Rich Kulawiec wrote:
On Thu, Apr 20, 2017 at 11:48:04AM -0600, Doug Royer wrote:
I would like to see an extension so that the MUA could contact the
destination server (perhaps their MX record host) and get a users PUBLIC
key. Perhaps (just an idea - no screaming please) a new TXT record type that
points to the domains PubKey server.
How's this going to work when the MUA is:
- running on a host that's not connected to the 'net
- running on a host that can't connect to MX's (because
of local firewall rules)
- running on a host that can't connect to MX's (because
they're unreachable or down)
- running on a host that can't connect to MX's (because
they no longer exist)
- running on a host that can connect to the MX's but can't
get the user's public key because the user is no
longer valid
- and so on
There are way too many failure modes here that will render messages that
have already been received either temporarily or permanently unreadable.
Currently, if you need to send an encrypted email to someone, and you
can not get their public key - same results. No change. It does not
break anything that is not already broken.
You only need their public key when you want to send them encrypted
email first, If your happy with first a signed one, then encrypted one,
then you do not need to look one up.
Automated email might have a hard time performing the signed email
exchange first, followed by the encrypted email. Humans could do it
manually and only be slightly annoyed at the extra step.
No matter what kind of public key lookup service is designed, if you can
not reach it, it is not going to work.
--
Doug Royer - (http://DougRoyer.US http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135
smime.p7s
Description: S/MIME Cryptographic Signature