IETF Logo Mail Archive

Re: Why are mail servers not also key servers?

Doug Royer <douglasroyer@gmail.com> Fri, 21 April 2017 04:03 UTC

Return-Path: <douglasroyer@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F224129470 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 21:03:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mj3MbB-LQP6Y for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 21:03:54 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D314128D69 for <ietf@ietf.org>; Thu, 20 Apr 2017 21:03:54 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id r203so76843185oib.3 for <ietf@ietf.org>; Thu, 20 Apr 2017 21:03:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to; bh=uOolkFaWj1hxEF2us8yXKze4AQrSoae19QzOJLTybA4=; b=HVQx0ZlBvaxdKIHOIpQTYhTns1l60HNSmeSG+LTcrS59iK+FTm6HRN+dRnuTyMKXOJ XJUVlAkXL3Jxga1T25pMabboyzNlY7xUh5IZSIOPiwyn6vC5sBNyoq3kKZJcHnkiyd0V 9pbS9XEb6OVduyiAnhaL4oLwJISaKfSWO2XKS5Lp1sLWgmqzx4v3knVce8rdoX/cO0tk SVerjAmRqEHDMqq/GPZV+HfIY1KOcRI0Am1Y9C838s7CxCKRLD6FYSpugk3c50fc+Anq 9pHpIlm/KD7Dci7Kwlw71MCVx2Bz8hq9c1z95cLFp9uQoB5oNiLj8V445K/vp7MYby7e eTTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to; bh=uOolkFaWj1hxEF2us8yXKze4AQrSoae19QzOJLTybA4=; b=KHV3pkILRmKT5Q4kFRvuIQVG1w68JPj9a5v2GZL9m/XYey8IGr7qKslZpHmAoHw474 nNOEQhGQjDGdwKmRyleI/GgT0l+cth6Imf4wM6rnK5i49aIOqGlgh/VzZgoytNPqtz60 JUEPB8jzKw4O8N6lldWEJo8a67KAIUhbQYg0qvk0dNeUOWbiShdcpWDS5NoEC7vh8id9 YO+FNpqqzM3DTsfb9ro8gojK8Tv+7OQCl1j1Ou31jnAW5FEIzOldigkTyU8uyVcmOmpp bkxBvWwLqveKit1fkh25tNtSMgBugzJX5o57kGnW4XJIfkn5wg26nEGA/oaIgV3UOugx ALBg==
X-Gm-Message-State: AN3rC/5MBRCAQ4jkFFTncIyWf+tHYAlNGxglbv4chPMI9HK2D8u0qMWE LOvQ2oGYpk5OqCp1PjI=
X-Received: by 10.157.80.142 with SMTP id b14mr6292117oth.151.1492747433221; Thu, 20 Apr 2017 21:03:53 -0700 (PDT)
Received: from ?IPv6:2602:ae:1b37:7300::2? ([2602:ae:1b37:7300::2]) by smtp.googlemail.com with ESMTPSA id e204sm3545429oia.35.2017.04.20.21.03.50 for <ietf@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Apr 2017 21:03:51 -0700 (PDT)
Subject: Re: Why are mail servers not also key servers?
To: IETF Discussion Mailing List <ietf@ietf.org>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com> <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu> <20170420173551.GN25754@mournblade.imrryr.org> <f5149504-12a1-728b-e685-3f75be6869c1@gmail.com> <063FA8A5-D94C-4537-8141-2A04374D4091@dukhovni.org> <09e03f86-69d4-27b8-4923-c68388cc426f@gmail.com> <20170420192604.GF2856@localhost> <alpine.LRH.2.20.999.1704201608320.13482@bofh.nohats.ca> <3BAB6CADBB6CA243A443E7C6674F2AB4082F04A1D3@PTPTVDEX02.PTPortugal.corpPT.com> <alpine.LRH.2.20.999.1704201937001.18536@bofh.nohats.ca>
From: Doug Royer <douglasroyer@gmail.com>
Organization: http://SoftwareAndServices.NET
Message-ID: <9d66d8d2-6c75-31c2-6364-e7becd2b81ea@gmail.com>
Date: Thu, 20 Apr 2017 22:03:49 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.0
MIME-Version: 1.0
In-Reply-To: <alpine.LRH.2.20.999.1704201937001.18536@bofh.nohats.ca>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms080602000408000607020905"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/ShU_N2M3gmnPJp1oIAXLPhv9DBo>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 04:03:56 -0000

On 04/20/2017 05:40 PM, Paul Wouters wrote:
> On Thu, 20 Apr 2017, Rui Costa wrote:
> 
> I want to send you an encrypted email. I need your key. I can send a
> plaintext email asking you for the key. I have to hope that it really
> reached you and that it is you who gave me the key and that the key
> was not modified in transport.
>

There are free email cert companies. This email is signed by one (unless 
the list server strips them out like it used to). Your MUA now knows my 
public key.

This is how it is done. I know it works with Thunderbird and Outlook.

To send a signed email, I only had to configure my MUA once. Thunderbird 
and Outlook always S/MIME signs all of my email with the free cert I use.

You send me a signed (not encrypted) email from a *mutually trusted* 
cert source. Your MUA signed it with your private key, because that's 
how its done. Only your public key can verify it.

My MUA examines the email, extracts your public key that is included in 
an S/MIME signed email, verifies it was signed by the mutually trusted 
cert source. I now know the 'From' email address matches the signature, 
the content, and the only way your MUA could have generated those 
sequence of bits, is that it was signed by your matching private key.

I now have your public key. Verified by a email message signature that 
could have only been signed by the matching private key, which validate 
against the trusted cert source. Who cares if the world sees your public 
key - that the point of a public key.

If someone were to modify the message in transit (only some of the 
headers are used in the signature verification), the signature will fail 
to validate. Then my MUA would tag it as bad signature and should be 
un-trusted.

Thunderbird signifies a good signature with an image of a letter, with a 
red seal.

When my MUA validates that the signature matches the email content, then 
the recipient MUA knows nothing was altered, including the public key, 
which it keeps.

Thunderbird and Outlook collect these certs by default. I do not have to 
do anything. I can even export them to a file, and import them into 
another MUA.

I can now send you an encrypted email, encrypted with my private key and 
your public key. Only your MUA can open it with your private key and my 
public key, and in that process, also validates it.

-- 

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer@gmail.com
714-989-6135

v2.23.0 | Report a Bug | By Email