Why are mail servers not also key servers?

Jon <jmoroney@hawaii.edu> Thu, 20 April 2017 13:20 UTC

Return-Path: <jmoroney@hawaii.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C05C127444 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 06:20:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hawaii-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lj0HQg-IbuKI for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 06:20:10 -0700 (PDT)
Received: from mail-wr0-x22c.google.com (mail-wr0-x22c.google.com [IPv6:2a00:1450:400c:c0c::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9CD8128656 for <ietf@ietf.org>; Thu, 20 Apr 2017 06:20:09 -0700 (PDT)
Received: by mail-wr0-x22c.google.com with SMTP id c55so35475276wrc.3 for <ietf@ietf.org>; Thu, 20 Apr 2017 06:20:08 -0700 (PDT)
X-Received: by 10.223.172.165 with SMTP id o34mr8600553wrc.4.1492694407054; Thu, 20 Apr 2017 06:20:07 -0700 (PDT)
Received: from n142188.science.ru.nl (n142188.science.ru.nl. [131.174.142.188]) by smtp.gmail.com with ESMTPSA id v8sm7540613wrd.42.2017.04.20.06.20.05 for <ietf@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Apr 2017 06:20:06 -0700 (PDT)
From: Jon <jmoroney@hawaii.edu>
Subject: Why are mail servers not also key servers?
To: ietf@ietf.org
Message-ID: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu>
Date: Thu, 20 Apr 2017 15:20:05 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/JOg9VeOWlUSh-rs78sMvOk6y9jI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 13:21:15 -0000

Hi All,

I'm not sure if this is a topic which has already come up or not (I did
a simple search, which brought nothing up).

Anyway, the state of email security is still pretty poor despite much
low-hanging fruit. PGP is great for those that use it, but they are a
small group. TLS seems to be the only widespread
security implementation and I suspect that it has worked because it's
transparent to the end users. So, why hasn't key exchange been made to
be transparent? Why are (E)SMTP servers not also key servers? Have users
generate a key pair on registration, store those keys on the server (in
an encrypted archive), and make the public key available. A little
coding later and we've got key exchange and message confidentiality.

Some extra security can be had by giving mail servers their own keys
with which they can sign exchanges (and remember each other). TLS can be
used as part of an initial key exchange if that is desired. Can
we not extend SMTP again to include the necessary key exchange commands?
Is there any movement on this?

Jon