
Re: Why are mail servers not also key servers?

2017-04-26 19:29:00
On 04/26/2017 03:12 PM, Dave Crocker wrote:
> On 4/20/2017 6:20 AM, Jon wrote:
>> So, why hasn't key exchange been made to be transparent? Why are (E)SMTP servers not also key servers?
>
> SMTP is a transfer protocol, for sending a specialized 'file' /to/ a server. A key server needs a query transaction, to get small bits of data /from/ a server. They are fundamentally different interaction service models.

Yes.

From an implementation point of view the MX/MTA is currently the only 'authority' for what is a known email for a domain.

LDAP is generally not exposed to the Internet.

I understand that if a new non-MX/MTA protocol is designed, any compliant MUA and MTA would have to be rewritten, along with a new key server.

I was thinking that having them combined would be less new code and typing :-)

> A closer approximation would be DNS, which perhaps explains DKIM and DANE, as has been cited in this thread. (However they are at the domain level and you appear to be targeting per-user keys, given the PGP reference. That's a much harder problem.)
>
> The deeper concern is the apparent view that lack of key servers is the limiting factor in use of encryption. Typically, the problem is assessed as usability -- key management on the infrastructure side, and end-user interface on the apps side.

I tend to believe the deeper concern is the lack of any standard way to get an individual's key. Once a protocol exists, then the MUAs can implement it. And there should be NO UI issue. User enters the destination email address, user says encrypt this, it works or is told the destination email has no cert available.


--

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135

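Added illustration, not part of this thread, of the shape the per-user lookup sketched above takes when DNS is the "key server": DANE's OPENPGPKEY (RFC 7929) and SMIMEA (RFC 8162) records hash the local part of the address into an owner name under the recipient's domain, and the MUA checks the returned record against the recipient's certificate or reports that none is published. The address, certificate bytes and record below are constructed sample values; the code is mine, not from any of the posters.

```python
"""Per-user key discovery over DNS in the DANE style (RFC 7929 OPENPGPKEY,
RFC 8162 SMIMEA): owner-name construction plus matching of a fetched
record against a certificate.  All inputs here are constructed samples."""
import hashlib

RR_LABELS = {"openpgpkey": "_openpgpkey", "smimea": "_smimecert"}

def owner_name(address: str, kind: str = "smimea") -> str:
    """Build the DNS owner name an MUA queries for a recipient's key.
    The local part is hashed (SHA-256, truncated to 28 octets) so the zone
    does not list user names in the clear.  Assumption: no case folding of
    the local part, which the RFCs leave to the sending side."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if len(local) >= 2 and local[0] == local[-1] == '"':
        local = local[1:-1]  # quoted local part: hash the unquoted string
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}.{RR_LABELS[kind]}.{domain.rstrip('.').lower()}."

def parse_smimea(rdata: bytes) -> dict:
    """Split SMIMEA RDATA into usage, selector, matching type and data."""
    if len(rdata) < 3:
        raise ValueError("SMIMEA RDATA too short")
    return {"usage": rdata[0], "selector": rdata[1],
            "matching": rdata[2], "data": rdata[3:]}

def cert_matches(rdata: bytes, cert_der: bytes) -> bool:
    """Check a (DNSSEC-validated) SMIMEA record against a certificate.
    Only selector 0 (full certificate) is handled; selector 1
    (SubjectPublicKeyInfo) needs DER parsing and is reported as unsupported."""
    rec = parse_smimea(rdata)
    if rec["selector"] != 0:
        raise NotImplementedError("selector 1 (SPKI) not handled in this sample")
    if rec["matching"] == 0:
        return rec["data"] == cert_der
    if rec["matching"] == 1:
        return rec["data"] == hashlib.sha256(cert_der).digest()
    if rec["matching"] == 2:
        return rec["data"] == hashlib.sha512(cert_der).digest()
    raise ValueError(f"unknown matching type {rec['matching']}")

# Constructed sample record: usage 3 (DANE-EE), selector 0 (full cert),
# matching type 1 (SHA-256 of the certificate).
SAMPLE_CERT = b"constructed-DER-bytes-standing-in-for-a-real-certificate"
SAMPLE_RDATA = bytes([3, 0, 1]) + hashlib.sha256(SAMPLE_CERT).digest()

if __name__ == "__main__":
    print(owner_name("alice@example.com"))
    print(cert_matches(SAMPLE_RDATA, SAMPLE_CERT))
```

A real MUA would only act on the record if the resolver reports it as DNSSEC-validated; an unsigned answer is exactly the "no cert available" case.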