
Re: Need for secured email delegation workflow

2017-07-14 17:36:33

Yoav Nir <ynir(_dot_)ietf(_at_)gmail(_dot_)com> wrote:
    > This is part of a wider issue. Even without delegation, if I use my own
    > email account with several MUAs (say, my laptop and my phone), where is
    > the private key stored? Is it shared between laptop and phone?

I think that simple delegation would be a better tool to delegate email
access from my desktop to my phone and/or laptop.  That way the server
knows it's an ancillary device, it could be revoked easier, and a more
suspicious profile could be applied by servers.   Google has tried to
do this with the "App passwords", but my understanding is that they are still
not restricted to specific apps.  Just additional passwords that have
most access, but not password resetting access.

OpenPGP format permits a (public) key blob to contain many signing (sub)keys,
and so distributing a public key with a set of subkeys where the private
keys are stored into laptops and phones, etc. would work.

    > You end up reading encrypted mail only using one MUA, which is one more
    > thing dragging the use of S/Mime down.

Agreed; I'm not sure if PKIX has a subkey concept.  I suspect it's in a
standard, but I'm unclear if it was ever deployed.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr(_at_)sandelman(_dot_)ca  http://www.sandelman.ca/        |   ruby on rails    [

Attachment: signature.asc
Description: PGP signature
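
Added example, not part of the original message: a Python sketch of the OpenPGP point above, walking the packets of a public key blob (RFC 4880 framing) and listing each subkey's v4 fingerprint with the key flags its binding signature claims, which is what a per-device revocation or policy decision would key on. The function names and the sample blob are assumptions made for illustration; the sample holds dummy key material and unsigned bindings, and the code does not verify any signature.

```python
import hashlib, struct

FLAGS = {1: "certify", 2: "sign", 4: "encrypt-comms", 8: "encrypt-storage", 32: "authenticate"}

def packets(blob):
    """Yield (tag, body); new-format headers, 1- and 2-octet lengths only."""
    i = 0
    while i < len(blob):
        tag, n, i = blob[i], blob[i + 1], i + 2
        if tag & 0xC0 != 0xC0 or n >= 224:
            raise ValueError("unsupported packet header")
        if n >= 192:
            n, i = ((n - 192) << 8) + blob[i] + 192, i + 1
        if i + n > len(blob):
            raise ValueError("truncated packet")
        yield tag & 0x3F, blob[i:i + n]
        i += n

def key_flags(sig):
    """Key-flags subpacket (type 27) in the hashed area of a v4 signature."""
    i, end = 6, 6 + struct.unpack(">H", sig[4:6])[0]
    while sig[0] == 4 and i < end:
        n, typ = sig[i], sig[i + 1] & 0x7F   # 1-octet length; strip critical bit
        if not 0 < n < 192:
            raise ValueError("unsupported subpacket length")
        if typ == 27 and n >= 2:
            return [name for bit, name in FLAGS.items() if sig[i + 2] & bit]
        i += 1 + n
    return []

def subkey_flags(blob):
    """Map v4 subkey fingerprint -> flags claimed by its binding signature (0x18).
    Nothing is verified here; check each binding signature before trusting it."""
    out, cur = {}, None
    for tag, body in packets(blob):
        if tag == 14:                        # public-subkey packet
            cur = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
            out[cur] = []
        elif tag == 2 and cur and body[1] == 0x18:   # subkey binding signature
            out[cur] = key_flags(body)
    return out

# Constructed sample: dummy key material and unsigned bindings, structure only.
pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
key = lambda seed: b"\x04" + struct.pack(">I", 1500000000) + b"\x01" + bytes([seed]) * 32
bind = lambda f: b"\x04\x18\x01\x08\x00\x03" + bytes([2, 27, f]) + bytes(4)
SAMPLE = (pkt(6, key(1)) + pkt(13, b"user@example.org")
          + pkt(14, key(2)) + pkt(2, bind(0x02))     # e.g. laptop signing subkey
          + pkt(14, key(3)) + pkt(2, bind(0x02))     # e.g. phone signing subkey
          + pkt(14, key(4)) + pkt(2, bind(0x0C)))    # encryption subkey
```

Calling `subkey_flags(SAMPLE)` returns three fingerprints, two flagged for signing and one for encryption.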