Yoav Nir <ynir(_dot_)ietf(_at_)gmail(_dot_)com> wrote:
>> OpenPGP format permits a (public) key blob to contain many signing
>> (sub)keys, and so distributing a public key with a set of subkeys
>> where the private keys are stored into laptops and phones, etc. would
>>> You end up reading encrypted mail only using one MUA, which is one
>>> more thing dragging the use of S/Mime down.
>> Agreed; I'm not sure if PKIX has a subkey concept. I suspect it's in
>> a standard, but I'm unclear if it was ever deployed.
> That works OK for signatures, but for encryption? You’d have to
> encrypt the message with each subkey. Yeah, I know only the symmetric
> key gets encrypted but it’s still ugly.
I'm pretty sure that the spec already says to do that.
> And we haven’t even mentioned the web MUA and where it stores the
> private keys.
There are existing S/MIME and PGP plugins and extensions for browsers that do
this. I'm aware of one that has received significant commercial success in
private keys, but I suspect that they also have options to store them
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works
-= IPv6 IoT consulting =-