
Re: Why are mail servers not also key servers?

2017-04-21 08:53:31
On 04/21/2017 07:35 AM, Rich Kulawiec wrote:
> On Thu, Apr 20, 2017 at 11:48:04AM -0600, Doug Royer wrote:
>> I would like to see an extension so that the MUA could contact the
>> destination server (perhaps their MX record host) and get a user's PUBLIC
>> key. Perhaps (just an idea - no screaming please) a new TXT record type that
>> points to the domain's PubKey server.
>
> How's this going to work when the MUA is:
>
>         - running on a host that's not connected to the 'net
>         - running on a host that can't connect to MX's (because
>                 of local firewall rules)
>         - running on a host that can't connect to MX's (because
>                 they're unreachable or down)
>         - running on a host that can't connect to MX's (because
>                 they no longer exist)
>         - running on a host that can connect to the MX's but can't
>                 get the user's public key because the user is no
>                 longer valid
>         - and so on
>
> There are way too many failure modes here that will render messages that
> have already been received either temporarily or permanently unreadable.

Currently, if you need to send an encrypted email to someone, and you cannot get their public key - same results. No change. It does not break anything that is not already broken.

You only need their public key when you want to send them encrypted email first. If you're happy with first a signed one, then encrypted one, then you do not need to look one up.

Automated email might have a hard time performing the signed email exchange first, followed by the encrypted email. Humans could do it manually and only be slightly annoyed at the extra step.

No matter what kind of public key lookup service is designed, if you cannot reach it, it is not going to work.

--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature