Re: Why are mail servers not also key servers?

Philip Homburg <pch-ietf-6@u-1.phicoh.com> Fri, 21 April 2017 12:06 UTC

In-reply-to: Your message of "Thu, 20 Apr 2017 21:35:33 -0600 ." <c4b3cfbe-9420-e171-8d0f-18d21b6e451d@gmail.com>
Date: Fri, 21 Apr 2017 14:06:16 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/23cLJKD_omcebKOgHOooLzpSLRI>

>You send me a signed email from a mutually trusted source. I now have 
>your public key, because you can extract it from the signed S/MIME 
>email. (I am guessing you can do this with PGP.)

Just replying to a random part of the discussion.

Is there any kind of description and any kind of agreement of what attacks
secure mail is supposed to defend against?

Without a clear statement of what it is supposed to do, it is not possible
to figure out whether a proposal actually meets that goal. And without a
clear goal it is also not possible to figure out if the system is going to
be useful or not.

People have wildly different ideas of what e-mail security means. 

In the context of this discussion, one thing I'm curious about, and something
that should be clear from the description of the attack vectors, is who
controls a key.

To put it in terms of TLS certificates, is an e-mail key 'DV' or 'EV'?

It is easy to come up with lots of ways in which a domain holder can provide
a public key for a mailbox at that domain. But is that what we want?
In some cases, like corporate mailboxes, probably yes. In other cases,
journalists or activists with an e-mail account at a big e-mail provider,
probably not.