IETF Logo Mail Archive

Re: Why are mail servers not also key servers?

Matthew Kerwin <matthew@kerwin.net.au> Thu, 20 April 2017 19:50 UTC

Return-Path: <phluid61@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A82E1315C2 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 12:50:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.449
X-Spam-Level:
X-Spam-Status: No, score=-1.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K2GCLFUf8avQ for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 12:50:49 -0700 (PDT)
Received: from mail-io0-x229.google.com (mail-io0-x229.google.com [IPv6:2607:f8b0:4001:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0505113160B for <ietf@ietf.org>; Thu, 20 Apr 2017 12:50:48 -0700 (PDT)
Received: by mail-io0-x229.google.com with SMTP id o22so92438539iod.3 for <ietf@ietf.org>; Thu, 20 Apr 2017 12:50:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=IdQJJsP8aiBNKus2bOg80hRquq5Fx3w/HV7rWQ5jOqo=; b=LA3eiinty7Wr1l07WhoJDcSKZ/lw1xsj/RQPjor1dA60P8C8OqsDvQQrjlQIJayva3 TKwgpxhdTlqMR1ezQfsA6O0ynymgubEbMgB9qH5e//UJHrBdCwa7MrWXXDJhvhTM3RcM SyNA2fL1G9wwvDTLMJ5ChdQV5GfdsdkbMarqECSnZ4ONOhRtzK5JLwJmDj+ANQaLgI83 XHhKtAXLmUUsdatdarVqWlr5OOFYThlBej8iHaa4HVloOr2kA7nqiAslrHFONhC8Veko tfGLZb/DLXe7//pM2ea8/mxodWkT0Kv9S5z6+kc5h/PfgINKFTIjrkPOaE0dTN2OWWJm SLaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=IdQJJsP8aiBNKus2bOg80hRquq5Fx3w/HV7rWQ5jOqo=; b=kEjw+IWH/rs2xxzNbQzYUItGC6YKaNUldaLWB3Zi7ZxXc6e7jlGduW5jUlDXOHKJra DmDLjYpEHACmVqRuH4HwwrH0TmHtnPX2hWzEDl4feNtRgI+/RB6Tueoormz5W+/A9ap7 db11+sveBZA5MtVvzy9OXLs+bu4b9R8VRgsHcyfh2+p8q+jiSsgO8Jd6F5wghb8Lppht gh064IbyVFK5uoNH3UfTKGR6MfRpnTSJ8dlIbxE1xvCEkGasH80xZJa6LUISSU5Ao1NF JnkrxUduvaetyoQIdrIRiwmtQBSPil3VXgg49j1BSfaxIbIM07p4XSoMWpWklFXVKkG3 TzaA==
X-Gm-Message-State: AN3rC/6QdTuNdUxS7YDcoWJ9MXuRiG53M5n9AtY5qwCgfDRth1DPKMgO abk2nJLIewRdnq0SsWUZRuOodEqAsQ==
X-Received: by 10.107.187.199 with SMTP id l190mr11197970iof.86.1492717848416; Thu, 20 Apr 2017 12:50:48 -0700 (PDT)
MIME-Version: 1.0
Sender: phluid61@gmail.com
Received: by 10.107.169.206 with HTTP; Thu, 20 Apr 2017 12:50:47 -0700 (PDT)
Received: by 10.107.169.206 with HTTP; Thu, 20 Apr 2017 12:50:47 -0700 (PDT)
In-Reply-To: <f5149504-12a1-728b-e685-3f75be6869c1@gmail.com>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com> <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu> <20170420173551.GN25754@mournblade.imrryr.org> <f5149504-12a1-728b-e685-3f75be6869c1@gmail.com>
From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Fri, 21 Apr 2017 05:50:47 +1000
X-Google-Sender-Auth: Qi-6VcVHkOYlIfe8mOybYrKbiH4
Message-ID: <CACweHNDjM5B_R5n2dqDF0Qeqn7yHAGq722OD+cCELej2KN2HRw@mail.gmail.com>
Subject: Re: Why are mail servers not also key servers?
To: Doug Royer <douglasroyer@gmail.com>
Cc: ietf@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c0766bc1adb66054d9e7584"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/ixVXRFaoDHi49wDkB-JalrB1ios>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 19:50:50 -0000

On 21 Apr. 2017 3:57 am, "Doug Royer" <douglasroyer@gmail.com> wrote:

On 04/20/2017 11:35 AM, Viktor Dukhovni wrote:

> On Thu, Apr 20, 2017 at 07:01:05PM +0200, Jon wrote:


       + Changing the private key can mean loss of access to email
>         encrypted under the old key.
>

Only if you throw away old keys. Doctor, Doctor, it hurts when I do this. -
So Do not do that :-)


       + Signatures stop verifying when the signature key expires,
>         even though they were valid at the the email was received.
>

Again, do not throw away the old keys. An MUA should not allow a user to
throw away any key needed for any message still in the store. Yep - complex.



... And re-import every old key when you switch to a new MUA. Sounds like
fun to enforce.

Cheers
-- 
Matthew Kerwin

v2.23.0 | Report a Bug | By Email