Re: Why are mail servers not also key servers?

[Nico Williams <nico@cryptonector.com>]

On Thu, Apr 20, 2017 at 01:10:38PM -0600, Doug Royer wrote:
> On 04/20/2017 12:53 PM, Viktor Dukhovni wrote:
> >
> >>> A major problems with all E2E email encryption proposals is unrelated
> >>> to key distribution, none of the extant MUAs provide an adequate
> >>> interface for E2E encrypted email.
> >>>        + Encrypted email is not searchable.
> >>
> >> Sure it is, by the recipient MUA, else the user could not read their
> email.
> >> It would not be searchable by a 3rd party - which is the point of
> encryption.
> >
> > Which MUAs index content of encrypted messages?  How does this work for
> clients
> > that store only a cache of recent messages, or webmail?
> 
> That is an implementation detail. If the MUA wants to see the message, it
> can, if it can't, its not an MUA.

Sure.

> Storing the message in a cache is orthogonal to if it is encrypted. I can
> cache the encrypted message, cache it after its decrypted, or not cache it
> at all.

If you want to use IMAP and leave the mail on a server (which does not
have your private keys thus can't decrypt the e-mails) then the server
can't index your email.  Your client could build and keep an index
(presumably stored encrypted) to search email with.

No MUA does that.  Maybe they should, and it'd be nice.  But since they
don't, E2E encrypted email is just too difficult to use.

Now, indexing encrypted email on the MUA side is clearly an
implementation detail, but it is a detail which (along with many other
UI details) is critical to adoption.

Part of the problem is that there is very little work being done on
MUAs.  We can tell people what to do, but they're not doing it, so we're
stuck.

> I use E2E almost every day. Works fine. Update the MUA your using. If you do
> not want to update your MUA, then, your making the decision for things to
> not work. Its not a protocol issue.

And what MUA is that?

> A Web-clients MUA have a problem, because you would have to store the
> private key in the email-web-server. I would not do that, so I will not use
> an MUA that allows my private key to be given to another server, managed by
> some unknown person. They have that problem now - no change.
> Not fixable, unless you give away your private key. And again, not something
> the IETF should be recommending.

I'm not so sure.  A client could use JS crypto APIs to locally decrypt
(and hopefully not send the cleartext back to the server! but you have
to trust the MUA software...), and it could even build an index in local
storage.

But still, without anyone actually implementing such a thing...

Nico
--