Re: Why are mail servers not also key servers?

Paul Wouters <paul@nohats.ca> Thu, 20 April 2017 15:08 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA97F129A97 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 08:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.759
X-Spam-Level:
X-Spam-Status: No, score=-0.759 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NUMERIC_HTTP_ADDR=1.242, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LD6bszptEsdD for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 08:08:29 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7A461293E0 for <ietf@ietf.org>; Thu, 20 Apr 2017 08:08:28 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3w82Lb42WPzD23; Thu, 20 Apr 2017 17:08:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1492700903; bh=P6Xr48yMPXIzZutVizOE7mXEvLlCqdmxhNU30a6tTbg=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=kfa0jhTAABgCgJFyzGCbdlAed7E72V7EikKujKjF3F9WxEiLoOAQmgIZ2OxTvZkbt i+9Vue0RUeiGBRQs4WRiyM2brCC8KpxO5S5JcD+vB05BR4i7U7JQVpg/zn1fkVZCR3 eXn+47lClc45X4R3McxMJmNGEA6acxrJY/dr/XuM=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id L8vIsLwQQXPj; Thu, 20 Apr 2017 17:08:21 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 20 Apr 2017 17:08:21 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 8F06A353643; Thu, 20 Apr 2017 11:08:20 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 8F06A353643
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 73C3940D811F; Thu, 20 Apr 2017 11:08:20 -0400 (EDT)
Date: Thu, 20 Apr 2017 11:08:20 -0400
From: Paul Wouters <paul@nohats.ca>
To: Yoav Nir <ynir.ietf@gmail.com>
cc: Jon <jmoroney@hawaii.edu>, ietf@ietf.org
Subject: Re: Why are mail servers not also key servers?
In-Reply-To: <FC831208-97A3-4F1B-A37C-F8646C3FB208@gmail.com>
Message-ID: <alpine.LRH.2.20.999.1704201055590.1457@bofh.nohats.ca>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <alpine.LRH.2.20.999.1704201016120.518@bofh.nohats.ca> <FC831208-97A3-4F1B-A37C-F8646C3FB208@gmail.com>
User-Agent: Alpine 2.20.999 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/J5kpn4DJgqwUp2akJRdiI3B06qw>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 15:08:31 -0000

On Thu, 20 Apr 2017, Yoav Nir wrote:

> On 20 Apr 2017, at 17:22, Paul Wouters <paul@nohats.ca> wrote:
>
>>> generate a key pair on registration, store those keys on the server (in
>>> an encrypted archive), and make the public key available. A little
>>> coding later and we've got key exchange and message confidentiality.
>>
>> SMTP servers could be key servers without having the private key of
>> individuals?
>
> Sure. If they double as HTTPS servers.

I should drink coffee before posting... What I meant to say was that the
model where the mail server generates and/or has a copy of the private
key seems dangerous. And I tried to say SMTP servers could be key
servers while having only public keys, not private keys. Still, using
(E)SMTP has all the problems I described earlier.

> I want to send you an email, so I type “paul@nohats.ca” in the To: field, and my MUA goes to
> https://mail-public-keys.nohats.ca/.well-known/mail-pubkeys/paul and that gets your public key.

But any MUA can already get my key using RFC-7929 at sha256("paul")[1:28]._openpgpkey.nohats.ca

e.g.:

dig openpgpkey 0357513deb903a056e74a7e475247fc1ffe31d8be4c1d4a31f58dd47._openpgpkey.nohats.ca.

So using another HTTP(S) server that is not the SMTP server itself does
not seem to make much sense to me? An SMTP server relaying the
OPENPGPKEY or SMIMEA or other source of pubkey could be useful,
if we think DNS transport is a bigger problem than ESMTP transport.
But I think it is harder for people to contact mx.nohats.ca on port
25 from a random ISP compared to using DNS against 8.8.8.8 on an ISP
network.

Paul
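The RFC 7929 lookup Paul describes above, worked through as an added example (this is not code from the thread or from any project mentioned in it): the local-part of the address is hashed with SHA-256, the digest is truncated to 28 octets and written as 56 lowercase hex characters, and that label is placed under `_openpgpkey` of the mail domain. The function names, the generic RFC 3597 `TYPE61` rendering and the placeholder key bytes are this example's own assumptions; the placeholder is constructed so that its first byte carries a valid OpenPGP packet header, it is not a real key.

```python
"""RFC 7929 OPENPGPKEY owner-name derivation and record construction.

Added example, not code from the original thread. The sample key bytes
used at the bottom are constructed for illustration only.
"""
import base64
import hashlib

OPENPGPKEY_RRTYPE = 61  # IANA RR type number assigned by RFC 7929


def openpgpkey_owner(email: str) -> str:
    """Return the fully qualified OPENPGPKEY owner name for an address.

    RFC 7929: SHA2-256 over the UTF-8 local-part, truncated to 28 octets,
    lowercase hex, then the _openpgpkey label and the mail domain.
    The local-part is hashed exactly as given; no case folding is done,
    so "Paul@" and "paul@" land on different owner names.
    """
    local_part, sep, domain = email.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an addr-spec: {email!r}")
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.rstrip('.')}."


def looks_like_openpgp_packet(key: bytes) -> bool:
    """Cheap sanity check: every OpenPGP packet header has bit 7 set (RFC 4880)."""
    return len(key) > 0 and key[0] & 0x80 == 0x80


def openpgpkey_record(email: str, key: bytes, ttl: int = 3600) -> str:
    """Zone-file line in RFC 7929 presentation format (base64 RDATA)."""
    if not looks_like_openpgp_packet(key):
        raise ValueError("RDATA must be a binary OpenPGP transferable public key")
    b64 = base64.b64encode(key).decode("ascii")
    return f"{openpgpkey_owner(email)} {ttl} IN OPENPGPKEY {b64}"


def openpgpkey_record_generic(email: str, key: bytes, ttl: int = 3600) -> str:
    """Same record in RFC 3597 unknown-type syntax, for zone tools or
    resolvers that predate the OPENPGPKEY type: TYPE61 \\# <length> <hex>."""
    if not looks_like_openpgp_packet(key):
        raise ValueError("RDATA must be a binary OpenPGP transferable public key")
    return (f"{openpgpkey_owner(email)} {ttl} IN TYPE{OPENPGPKEY_RRTYPE} "
            f"\\# {len(key)} {key.hex()}")


def dig_command(email: str) -> str:
    """The query an MUA (or a curious admin) would issue for this address."""
    return f"dig openpgpkey {openpgpkey_owner(email)}"


if __name__ == "__main__":
    # Constructed placeholder RDATA: 0x98 is an old-format Public-Key packet
    # header (tag 6, one-octet length); the remaining bytes are filler.
    fake_key = bytes([0x98, 0x04, 0x04, 0x00, 0x00, 0x00])
    print(dig_command("paul@nohats.ca"))
    print(openpgpkey_record("paul@nohats.ca", fake_key))
    print(openpgpkey_record_generic("paul@nohats.ca", fake_key))
```

Running the script prints the same style of `dig openpgpkey <56 hex chars>._openpgpkey.nohats.ca.` command quoted in the message; a real deployment publishes the binary transferable public key (not ASCII-armored) as the RDATA, and since the hash is over the literal local-part, a sender whose MUA lowercases addresses will query a different name than one that does not.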