ietf

Re: Why are mail servers not also key servers?

2017-04-21 10:39:43
On 04/21/2017 08:24 AM, Phillip Hallam-Baker wrote:
...

Tweaking the SMTP mail infrastructure doesn't help because the sending and receiving device do not interact with either server directly under the current model. SMTP email has grown to meet a lot of important requirements in ways that make repurposing SMTP mail servers a non-starter.


They do not, does not mean they can not. So, maybe SMTP server is not the correct place. But MX host might be, with a public key server on a different port. Because the MX host is currently the authority for an email address's validity checking (well, it bounces it if it's not valid - but it knows if it's valid).

Is it repurposing? Is this really different?

  RCPT TO user@domain
  250 OK
  550 No such user here

  PEMCERT user@domain
  250 OK ...PEM-encoded-cert..
  550 No such user here

  PGPCERT user@domain
  250 OK ...PGP-encoded-cert..
  550 No such user here

Thoughts below on this. And I am thinking of how the code would be written ...

I was leaning towards the SMTP/MX server because it's currently the only place of authority where you can find out if user@host is valid. If you send a RCPT TO and it says, NO, then you're done.


I have no problem with another solution. I just think you would have to replicate the email address validity check problem as part of that other implementation. 'User' is not always the same as email address. So any new service would have to know about email proxy rewrite rules (Doug.Royer@gateway -> dougr@his-site-server), mailing/distribution lists, ... and the mess goes on.

I am not saying a public key server would need to understand those rules. I am saying that Doug.Royer@gateway would be the public key you might need. I am saying a public key server would need to parallel the knowledge of what the SMTP server already knows is a valid email address for its site. Currently Doug.Royer@gateway is in some file/database as valid in a way that is currently unique to the SMTP server implementation.

And, who is the local authority for the public cert of Doug.Royer@gateway? The SMTP server already knows it goes to dougr@his-site-server.

So, maybe the SMTP server is not the place. I think it would make for a simpler implementation. Or maybe an entirely new service, that the SMTP server would use, to make sure they are in sync.

It seems to me that a completely new approach is not going to be adopted as quickly as extending SMTP.

Or I could see the SMTP server implementation also opening up a new public key service port that is only used for fetching public keys. And that port could use a non-SMTP protocol. However, the MX host is the authority.

Let's not make two authorities.

--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
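
Added illustration, not part of the original message and not code from any existing SMTP server: a Python sketch of the single-authority idea in the message above, where the hypothetical PEMCERT/PGPCERT verbs and RCPT TO consult the same address table, so address validity and key lookup cannot drift apart. The sample addresses and rewrite rule follow the message's example; the certificate placeholder, the "No key published" and "500" replies, and all function names are assumptions made for the sketch.

```python
# Constructed sample data; addresses follow the message's Doug.Royer@gateway example.
ALIASES = {"doug.royer@gateway": "dougr@his-site-server"}  # proxy rewrite rule
MAILBOXES = {"dougr@his-site-server"}                      # where mail is delivered
PEM_PLACEHOLDER = "<constructed PEM placeholder>"
# Certificates are filed under the address a sender would type, not the mailbox.
CERTS = {("PEMCERT", "doug.royer@gateway"): PEM_PLACEHOLDER}

NO_USER = "550 No such user here"
NO_KEY = "550 No key published"  # assumed reply; the message does not define this case


def resolve(address):
    """Follow rewrite rules; return the delivery mailbox, or None if invalid."""
    seen = set()
    while address in ALIASES and address not in seen:  # 'seen' guards against alias loops
        seen.add(address)
        address = ALIASES[address]
    return address if address in MAILBOXES else None


def handle(line):
    """Answer one command line using the reply codes shown in the message."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "RCPT":
        arg = arg.strip()[2:].lstrip(" :")  # drop the 'TO' or 'TO:' keyword
    elif verb not in ("PEMCERT", "PGPCERT"):
        return "500 Command not recognized"
    # Lower-casing the whole address is a simplification for this sketch.
    address = arg.strip("<> ").lower()
    # Both RCPT and the key verbs go through the same validity check.
    if resolve(address) is None:
        return NO_USER
    if verb == "RCPT":
        return "250 OK"
    cert = CERTS.get((verb, address))
    return f"250 OK {cert}" if cert else NO_KEY


if __name__ == "__main__":
    for cmd in ("RCPT TO Doug.Royer@gateway", "PEMCERT Doug.Royer@gateway",
                "PGPCERT Doug.Royer@gateway", "PEMCERT nobody@gateway"):
        print(cmd, "->", handle(cmd))
```
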