ietf
[Top] [All Lists]

Re: Why are mail servers not also key servers?

2017-04-21 10:48:36


--On Friday, April 21, 2017 09:35 -0400 Rich Kulawiec
<rsk(_at_)gsp(_dot_)org> wrote:

On Thu, Apr 20, 2017 at 11:48:04AM -0600, Doug Royer wrote:
I would like to see an extension so that the MUA could
contact the destination server (perhaps their MX record host)
and get a users PUBLIC key. Perhaps (just an idea - no
screaming please) a new TXT record type that points to the
domains PubKey server.

How's this going to work when the MUA is:

      - running on a host that's not connected to the 'net
      - running on a host that can't connect to MX's (because
              of local firewall rules)
      - running on a host that can't connect to MX's (because
              they're unreachable or down)
      - running on a host that can't connect to MX's (because
              they no longer exist)
      - running on a host that can connect to the MX's but can't
              get the user's public key because the user is no
              longer valid
      - and so on

There are way too many failure modes here that will render
messages that have already been received either temporarily or
permanently unreadable.

An idea was kicked around some years ago (can't remember if
there was ever an I-D) to create an SMTP extensions that would
work more or less like VRFY to return either the public key of
the server, that of a user associated with an address, or both.
IIR it never got any traction, partially because of the issues
Rich identified about and partially because of the issues others
have mentioned about being sure one reaches the right server
and/or can trust the keys received.

In addition, as others have pointed out, if you can't trust your
email (server) provider, then expecting others to trust keys on
the basis that they are obtained from that server may not make a
lot of sense.

   john