On 4/20/2017 6:20 AM, Jon wrote:
> So, why hasn't key exchange been made to
> be transparent? Why are (E)SMTP servers not also key servers?

SMTP is a transfer protocol, for sending a specialized 'file' /to/ a
server. A key server needs a query transaction, to get small bits of
data /from/ a server. They are fundamentally different interaction
service models.

A closer approximation would be DNS, which perhaps explains DKIM and
DANE, as has been cited in this thread. (However they are at the domain
level and you appear to be targeting per-user keys, given the PGP
reference. That's a much harder problem.)

The deeper concern is the apparent view that lack of key servers is the
limiting factor in use of encryption. Typically, the problem is
assessed as usability -- key management on the infrastructure side, and
end-user interface on the apps side.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net