ietf

Re: Why are mail servers not also key servers?

2017-04-21 08:59:57
On 04/21/2017 06:06 AM, Philip Homburg wrote:
You send me a signed email from a mutually trusted source. I now have
your public key, because you can extract it from the signed S/MIME
email. (I am guessing you can do this with PGP.)

Just replying to a random part of the discussion.

Is there any kind of description and any kind of agreement of what attacks
secure mail is supposed to defend against?

I am not a security expert, I did however buy a couple of them lunch at an IETF meeting years ago and I am sure that the experts will correct any misstatements I have made here. S/MIME has been working for years.

Without a clear statement of what it is supposed to do, it is not possible
to figure out whether a proposal actually meets that goal. And without a
clear goal it is also not possible to figure out if the system is going to
be useful or not.

To be clear, this is not a goal or proposal. This is how S/MIME works now. This is how it was designed to work.

People have wildly different ideas of what e-mail security means.

In the context of this discussion, one thing I'm curious about, and something
that should be clear from the description of the attack vectors, is who
controls a key.

You should be in control of your private keys. Your private key is as secure as you make it. The average non-technical user will just send email, get email, and might make sure that the signed or encrypted email checkbox is checked in their MUA.

To put it in terms of TLS certificates, is an e-mail key 'DV' or 'EV'?

It is easy to come up with lots of ways in which a domain holder can provide
a public key for a mailbox at that domain. But is that what we want?
In some cases, like corporate mailboxes, probably yes. In other cases,
journalists or activists with an e-mail account at a big e-mail provider,
probably not.

The only reason you need to fetch a person's private key first is so that you do not have to exchange the signed and not encrypted key first.

And I would imagine that journalists and activists would most definitely want people to send them encrypted email.

--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135
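The key-extraction step the thread describes (a signed S/MIME message carries the sender's certificate, so the recipient gets the public key with no key-server lookup), as an added example that is not part of the thread or of any product mentioned in it. It assumes the `cryptography` package is installed; the sender certificate, key and message body are constructed inline, and the certificate is self-signed only for the demonstration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs7
from cryptography.x509.oid import NameOID

def make_sender_cert():
    """Constructed stand-in for the sender's S/MIME certificate. It is
    self-signed here; a real one would chain to a CA both parties trust."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.EMAIL_ADDRESS, "sender@example.invalid")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return key, cert

def sign_message(body, key, cert):
    """Sender side: the detached PKCS#7 SignedData an MUA attaches as smime.p7s.
    The builder embeds the signer certificate in the blob by default."""
    return (
        pkcs7.PKCS7SignatureBuilder()
        .set_data(body)
        .add_signer(cert, key, hashes.SHA256())
        .sign(serialization.Encoding.DER, [pkcs7.PKCS7Options.DetachedSignature])
    )

def public_key_pem(cert):
    """PEM SubjectPublicKeyInfo of a certificate, used to compare keys."""
    return cert.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo
    )

def extract_signer_public_key_pem(p7s_der):
    """Recipient side: pull the certificate(s) out of the SignedData and return
    the first one's public key. This only extracts; whether to trust the key is
    decided separately by validating the chain (the 'mutually trusted source')."""
    certs = pkcs7.load_der_pkcs7_certificates(p7s_der)
    if not certs:
        raise ValueError("signature carries no certificates")
    return public_key_pem(certs[0])
```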
