On 04/26/2017 03:12 PM, Dave Crocker wrote:
> On 4/20/2017 6:20 AM, Jon wrote:
>> So, why hasn't key exchange been made to
>> be transparent? Why are (E)SMTP servers not also key servers?
> SMTP is a transfer protocol, for sending a specialized 'file' /to/ a
> server. A key server needs a query transaction, to get small bits of
> data /from/ a server. They are fundamentally different interaction
> service models.
Yes.
From an implementation point of view the MX/MTA is currently the only
'authority' for what is a known email for a domain.
LDAP is generally not exposed to the Internet.
I understand that if a new non-MX/MTA protocol is designed, any
compliant MUA and MTA would have to be rewritten, along with a new key
server.
I was thinking that having them combined would be less new code and
typing :-)
> A closer approximation would be DNS, which perhaps explains DKIM and
> DANE, as has been cited in this thread. (However they are at the domain
> level and you appear to be targeting per-user keys, given the PGP
> reference. That's a much harder problem.)
> The deeper concern is the apparent view that lack of key servers is the
> limiting factor in use of encryption. Typically, the problem is
> assessed as usability -- key management on the infrastructure side, and
> end-user interface on the apps side.
I tend to believe the deeper concern is the lack of any standard way to
get an individual's key. Once a protocol exists, then the MUAs can
implement it. And there should be NO UI issue. User enters the
destination email address, user says encrypt this, it works or is told
the destination email has no cert available.
--
Doug Royer - (http://DougRoyer.US http://goo.gl/yrxJTu )
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135
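As an added example (not code from this thread or from any of its posters), the following Python shows what the DNS-based, per-user key lookup that Dave alludes to looks like when done the DANE way: RFC 7929 (OPENPGPKEY) derives a DNS owner name from the email address by hashing the local-part, and RFC 8162 (SMIMEA) does the same for S/MIME certificates under a different label. The "zone" here is a constructed stand-in for answers from a DNSSEC-validating resolver, and the key bytes are placeholders; the `publish_key`, `lookup_user_key` and `describe` functions are names chosen for this example. It ends with the three outcomes a MUA has to present: a usable key, no key published for the address, or a record that came back without DNSSEC validation and so cannot be trusted.

```python
"""Per-user key discovery over DNS, following the DANE OPENPGPKEY scheme
(RFC 7929; RFC 8162 uses the same construction for S/MIME certificates).

Added example, not code from the thread. The zone below is a constructed
stand-in for answers from a DNSSEC-validating resolver; nothing here talks
to the network.
"""
import hashlib
from typing import Optional, Tuple

OPENPGPKEY_LABEL = "_openpgpkey"  # RFC 7929, OpenPGP public keys
SMIMEA_LABEL = "_smimecert"       # RFC 8162, S/MIME certificates


def dane_owner_name(address: str, label: str = OPENPGPKEY_LABEL) -> str:
    """Turn user@domain into the DNS owner name of that user's key record.

    RFC 7929: SHA-256 of the UTF-8 local-part, truncated to 28 octets and
    written as 56 lowercase hex digits, then the '_openpgpkey' label, then
    the domain. The local-part is hashed exactly as given (no case folding
    is attempted here); the domain is a DNS name and is lowercased.
    """
    local_part, at, domain = address.rpartition("@")
    if not (at and local_part and domain):
        raise ValueError(f"not an email address: {address!r}")
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}.{label}.{domain.lower()}"


def publish_key(zone: dict, address: str, key: bytes, signed: bool = True) -> None:
    """Add a key record to the stand-in zone (what the domain owner does).

    `signed` stands in for whether the answer would arrive DNSSEC-validated.
    """
    zone[dane_owner_name(address)] = (key, signed)


def lookup_user_key(address: str, zone: dict) -> Tuple[str, Optional[bytes]]:
    """What a MUA does when the user says 'encrypt this'.

    Returns (status, key): 'ok' with the key; 'absent' when the domain
    publishes nothing for that address; 'unvalidated' when a record exists
    but did not come back DNSSEC-validated and therefore carries no
    authority (an unsigned answer could have been altered in transit).
    """
    record = zone.get(dane_owner_name(address))
    if record is None:
        return "absent", None
    key, signed = record
    if not signed:
        return "unvalidated", None
    return "ok", key


# Constructed sample zone for example.com: one properly signed record, one
# record served without DNSSEC. The key material is a placeholder, not a
# real OpenPGP packet.
DEMO_ZONE: dict = {}
publish_key(DEMO_ZONE, "hugh@example.com", b"<placeholder OpenPGP public key for hugh>")
publish_key(DEMO_ZONE, "eve@example.com", b"<placeholder key served unsigned>", signed=False)


def describe(address: str) -> str:
    """The one-line outcome the user sees: it works, or they are told the
    destination has no usable key."""
    status, key = lookup_user_key(address, DEMO_ZONE)
    if status == "ok":
        return f"{address}: encrypt with key {key[:20]!r}..."
    if status == "absent":
        return f"{address}: no key published for this address"
    return f"{address}: key record present but not DNSSEC-validated; refusing to use it"


if __name__ == "__main__":
    for addr in ("hugh@example.com", "nobody@example.com", "eve@example.com"):
        print(describe(addr))
    print("query name:", dane_owner_name("hugh@example.com"))
```

The design point worth noticing is that the lookup is a plain DNS query, so the existing MX/MTA gains no new role: the domain's DNS operator publishes per-user records, and the MUA needs only a validating resolver. Treating an unvalidated answer the same as a missing one is what keeps the "it works or it tells you there is no key" behaviour honest; a key accepted from unsigned DNS is a key anyone on the path could have substituted.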