Re: Why are mail servers not also key servers?
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 20 April 2017 20:11 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 667B2131666 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 13:11:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KmWD7Kghj733 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 13:11:01 -0700 (PDT)
Received: from mail-oi0-x22a.google.com (mail-oi0-x22a.google.com [IPv6:2607:f8b0:4003:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60FC113163C for <ietf@ietf.org>; Thu, 20 Apr 2017 13:11:01 -0700 (PDT)
Received: by mail-oi0-x22a.google.com with SMTP id j201so66151798oih.2 for <ietf@ietf.org>; Thu, 20 Apr 2017 13:11:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=7MXTheIWgh11iojvV/v7AKFWZwO8AoTKtRQES5BIN/w=; b=WFbIrwBNBUlJnpEGF8GcGDHT1GeuPq9gViWhbic1IVKbq2mdzE9yKpTIPtFA0dQ3Pa 7/VK0Je9BMF06cR6VDYPhe52OmZ/+1YPcQrNwn9D0WsydzMX78c4Kvkh5OCjr04RmYi9 2xww7fh1TNZbBOnLGSAYS+nkAOZFQhxozHVVrvMQA9s/ukiM8B9/dtsNUXA2Kn2bAB8z FpJAs9qMCrrHDX/3xOPNcjkoiqE276tZC4VTPh8Po9096jDayQck7k0A83OWwLCYvq4U BhPtDVTpFoEWqB9RJA3ryKfVFJO9rr/sBV1OhV+VszuH5yNgDJYQyAs/ty7sd8u5STSD PEEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=7MXTheIWgh11iojvV/v7AKFWZwO8AoTKtRQES5BIN/w=; b=qhz2I5LW6BonPLMlThn2ebTNmOqtCghyfT3JlrQUmD73hwcO3/Vaw3gUNTzvoqemWW An7txZb75RoNLFAEIexe2cAPrdcPePgVBOWHDY19g64PACyPfcTzx+IgtvaqThDCSP99 CMDLLm0+z7AYoW1QXim0ceI6x+nJD+llEIlskggehc14/Bl7rHp2vuu/3LepdjRDOj6A PNLCIrE5zvrvedrN/ARxKAcKUAPkXSM4aaOFC3MFJ3bIeTkaw72ai5Qwqy43t4Dqf3mW J1jTSuW9R4UgWDdH0kzj+cZeXHoAOIrwXFkkWTd+tWriEZJJIt/JCVNRBcLUCTjtBHGs 2hVQ==
X-Gm-Message-State: AN3rC/4Xs1h0skQY63RHH4UgSBAyVdwwYy7f8QwVT60m3qJaS6/u7+hK NCdOBiwkziQKdTFwXrRyR/e21XA1sg==
X-Received: by 10.157.42.132 with SMTP id e4mr6072671otb.86.1492719060713; Thu, 20 Apr 2017 13:11:00 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.157.22.175 with HTTP; Thu, 20 Apr 2017 13:10:59 -0700 (PDT)
In-Reply-To: <FC831208-97A3-4F1B-A37C-F8646C3FB208@gmail.com>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <alpine.LRH.2.20.999.1704201016120.518@bofh.nohats.ca> <FC831208-97A3-4F1B-A37C-F8646C3FB208@gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 20 Apr 2017 16:10:59 -0400
X-Google-Sender-Auth: sAbGFukgz678TIuJUU9G1AySLtM
Message-ID: <CAMm+LwhpcmfOWdLFHyA-NP__5_a8=W67CAfxJDjf-pAZMUGZrA@mail.gmail.com>
Subject: Re: Why are mail servers not also key servers?
To: Yoav Nir <ynir.ietf@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, Jon <jmoroney@hawaii.edu>, IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1103d25d0502054d9ebd99"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/qk-OfpRTaPwTSvsQCS-EDZCLMe8>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 20:11:03 -0000
Sharon Boyen and I wrote this up as an RFC a while back: https://tools.ietf.org/html/rfc4386 The weakness as I see it is that it still lacks the data necessary to make the decision whether to use the key or not. In particular: Alice@example.com sends a message to Bob@example.net Forget the issue of trust for a moment, the infrastructure should deliver all the information that Alice's email client needs: * Is encryption refused, optional or required? * Which encryption protocols are supported (OpenPGP, S/MIME)? * Which key(s) should be used? Note that this is only the raw information, a client would also have to decide whether the information was trustworthy or not. Though if the email would be sent en-clair otherwise, that does not matter much. For ubiquitous use of message level encryption, it is essential to take into account the fact that spam and malware filtering is actually a bigger concern than confidentiality: END TO END ENCRYPTION IS NOT A PRIVILEGE I WILL EXTEND TO ANONYMOUS SENDERS So encrypted mail is going to have to be signed by an authorized sender for end to end encryption to be permitted. Everything else goes through the filters as usual. I am working on code right now: Prismproof.org On Thu, Apr 20, 2017 at 10:36 AM, Yoav Nir <ynir.ietf@gmail.com> wrote: > > On 20 Apr 2017, at 17:22, Paul Wouters <paul@nohats.ca> wrote: > > > generate a key pair on registration, store those keys on the server (in > an encrypted archive), and make the public key available. A little > coding later and we've got key exchange and message confidentiality. > > > SMTP servers could be key servers without having the private key of > individuals? > > > Sure. If they double as HTTPS servers. > > I want to send you an email, so I type “paul@nohats.ca” in the To: field, > and my MUA goes to https://mail-public-keys.nohats.ca/.well-known/mail- > pubkeys/paul and that gets your public key. > > And now my MUA can encrypt. And it all works, as long as we trust > nohats.ca (and conversely gmail.com) and as long as you have a copy of > your private key on every single MUA that you use. > > Small assumptions, no? > > Yoav > >
- Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Matthew Kerwin
- Re: Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- RE: Why are mail servers not also key servers? Paul Wouters
- RE: Why are mail servers not also key servers? Rui Costa
- RE: Why are mail servers not also key servers? Rui Costa
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Rich Kulawiec
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Wei Chuang
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? John R Levine
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Dave Crocker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer