Re: Why are mail servers not also key servers?
Philip Homburg <pch-ietf-6@u-1.phicoh.com> Fri, 21 April 2017 12:06 UTC
Message-Id: <m1d1XKL-0000DoC@stereo.hq.phicoh.net>
To: ietf@ietf.org
Subject: Re: Why are mail servers not also key servers?
From: Philip Homburg <pch-ietf-6@u-1.phicoh.com>
Sender: pch-bF054DD66@u-1.phicoh.com
In-reply-to: Your message of "Thu, 20 Apr 2017 21:35:33 -0600 ." <c4b3cfbe-9420-e171-8d0f-18d21b6e451d@gmail.com>
Date: Fri, 21 Apr 2017 14:06:16 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/23cLJKD_omcebKOgHOooLzpSLRI>

>You send me a signed email from a mutually trusted source. I now have
>your public key, because you can extract it from the signed S/MIME
>email. (I am guessing you can do this with PGP.)

Just replying to a random part of the discussion.

Is there any kind of description and any kind of agreement of what attacks secure mail is supposed to defend against?

Without a clear statement of what it is supposed to do, it is not possible to figure out whether a proposal actually meets that goal. And without a clear goal it is also not possible to figure out if the system is going to be useful or not.

People have wildly different ideas of what e-mail security means.

In the context of this discussion, one thing I'm curious about, and something that should be clear from the description of the attack vectors, is who controls a key. To put it in terms of TLS certificates, is an e-mail key 'DV' or 'EV'?

It is easy to come up with lots of ways in which a domain holder can provide a public key for a mailbox at that domain. But is that what we want? In some cases, like corporate mailboxes, probably yes. In other cases, journalists or activists with an e-mail account at a big e-mail provider, probably not.