IETF Logo Mail Archive

Re: Why are mail servers not also key servers?

Doug Royer <douglasroyer@gmail.com> Fri, 21 April 2017 15:52 UTC

Return-Path: <douglasroyer@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 710B2129528 for <ietf@ietfa.amsl.com>; Fri, 21 Apr 2017 08:52:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UcKHPv8gPOIJ for <ietf@ietfa.amsl.com>; Fri, 21 Apr 2017 08:52:18 -0700 (PDT)
Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB09B129789 for <ietf@ietf.org>; Fri, 21 Apr 2017 08:52:17 -0700 (PDT)
Received: by mail-oi0-x22d.google.com with SMTP id y11so68514725oie.0 for <ietf@ietf.org>; Fri, 21 Apr 2017 08:52:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to; bh=LoskcclDhSvOrcZEMUHW2BS6/DbKRqQKv9+6W+52rGI=; b=fiGsChUNSqVY5Bye9WQb9LLJNQRR55321TZ/oeUtThyOmWxlWYGMXqgsZ/ST+cEkk/ c2rtR1XWx5qqr9tzNuNov3iN18kDpW2X0UZGCQ7VMOi8wOPu/YaPqNNfgjKv9a3+0EQV HNwN7+qiFtzyNLkMnR0PKuS5DWLuxnZZDITvEfaw9PskazaCIQWkqqNZsX6+Y/bkaaYJ QUuip2CT32OuGGSMkocUJApVKkoR7z1TidN95YZwBsu8+Lf+8uxNRjgQNLDgBV2gv34E /ermddxpRfXFBjFNdBCaV5c+38jV5k/kAqQqxYw3ukGPqL35oYdd97z+h1K9du4pV3b0 GpQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to; bh=LoskcclDhSvOrcZEMUHW2BS6/DbKRqQKv9+6W+52rGI=; b=dgtRPO69OeQzD1DxddVDZ9WawBD/2D/9Gi8CVrU3144fHWJzPF0b3IdMkQN/VivPdW qqiNOiNXSt60h3ciBndqLTpKpHJCQiRZ0gHKrcTAqGZi5co8s/cGUYIRe5VWSnpHOuMJ erTl7fL87vrfmv2S/3IW1l+6brdNe911uDA5pcBX3tH4ywsuifuuyYdYi4Gu5wUdl0lV fWh8+FocrfHi/JXx8MH+szZoNYvxRvJB67hMFcLYA3yUiuTjqaCMHBv8+Q2e3goSkSLU zhOF0Tb0+ooJ7ijWF4XZlJXbRKXfScpYcZuDcpKnRJx+NtJLnfvKDO6c/PXXsQYXSy4d LIBA==
X-Gm-Message-State: AN3rC/5yjg4drO+TecxD7cI3TDo2VfEn1Fp/0mox7MkuDlHC7fq60LKc kN7BRc6phIFBqbX37J0=
X-Received: by 10.157.9.41 with SMTP id 38mr8030741otp.256.1492789936811; Fri, 21 Apr 2017 08:52:16 -0700 (PDT)
Received: from ?IPv6:2602:ae:1b37:7300::2? ([2602:ae:1b37:7300::2]) by smtp.googlemail.com with ESMTPSA id p27sm4224487otd.26.2017.04.21.08.52.14 for <ietf@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Apr 2017 08:52:15 -0700 (PDT)
Subject: Re: Why are mail servers not also key servers?
To: ietf@ietf.org
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com> <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu> <32b6bba4-cd4b-167f-b3d1-36733d1504c2@gmail.com> <20170421133535.GA21229@gsp.org> <E690BED1BD448540F502C8DD@PSB>
From: Doug Royer <douglasroyer@gmail.com>
Organization: http://SoftwareAndServices.NET
Message-ID: <4e394b3d-0f12-ef16-65b6-a2b712e98da5@gmail.com>
Date: Fri, 21 Apr 2017 09:52:13 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.0
MIME-Version: 1.0
In-Reply-To: <E690BED1BD448540F502C8DD@PSB>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms040505090501050006040704"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Ww1C_iUeLJtXtzai-zR2GO44GaE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Apr 2017 15:52:19 -0000

On 04/21/2017 09:48 AM, John C Klensin wrote:

> 
> In addition, as others have pointed out, if you can't trust your
> email (server) provider, then expecting others to trust keys on
> the basis that they are obtained from that server may not make a
> lot of sense.

You do not have to trust your or their email server. If you trust the 
cert issuer. Then use the result.

If you do not trust the cert issuer, then do not use the results.

-- 

Doug Royer - (http://DougRoyer.US  http://goo.gl/yrxJTu )
DouglasRoyer@gmail.com
714-989-6135

v2.23.0 | Report a Bug | By Email