Re: Why are mail servers not also key servers?

Yoav Nir <ynir.ietf@gmail.com> Thu, 20 April 2017 14:29 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Message-Id: <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_5196DFAF-D6CF-4F51-A3C6-6CF3A29C157E"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: Why are mail servers not also key servers?
Date: Thu, 20 Apr 2017 17:29:46 +0300
In-Reply-To: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu>
Cc: ietf@ietf.org
To: Jon <jmoroney@hawaii.edu>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/tvvhS99tYRiOFXWP7-OM7TRczfg>
List-Id: IETF-Discussion <ietf.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>

On 20 Apr 2017, at 16:20, Jon <jmoroney@hawaii.edu> wrote:

> Hi All,
> 
> I'm not sure if this is a topic which has already come up or not (I did
> a simple search and it brought nothing up).
> 
> Anyway, the state of email security is still pretty poor despite much
> low hanging fruit. PGP is great for those that use
> it, but they are a small group. TLS seems to be the only wide spread
> security implementation and I suspect that it has worked because it's
> transparent to the end users. So, why hasn't key exchange been made to
> be transparent? Why are (E)SMTP servers not also key servers? Have users
> generate a key pair on registration, store those keys on the server (in
> an encrypted archive), and make the public key available. A little
> coding later and we've got key exchange and message confidentiality.
> 
> Some extra security can be had by giving mail servers their own keys
> with which they can sign exchanges (and remember each other). TLS can be
> used to as part of an initial key exchange if that is desired. Can
> we not extend smtp again to include the necessary key exchange commands?
> Is there any movement on this?
> 

Hi, Jon

I’m sure such things have been considered in the past, and for certain SMTP could be extended. I can think of a few complications right off the top of my head. There are undoubtedly others:

1. People use multiple MUAs. For this account I use this Mac MUA, a phone MUA, and occasionally the web-based MUA. I’d need to share the private key to receive encrypted mail on all three. Doing it in the browser is a hard problem.

2. There’s the administrative problem of tying the SMTP server to whatever server is serving the public keys. HTTPS from the same IP address? New special DNS SRV record somehow tied to the gmail.com MX record?

3. How much do you trust your email provider? Because they could trivially serve the wrong public key and intercept your traffic.

Yoav
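The key-substitution risk in point 3, and what a sender-side fingerprint pin does and does not catch, as an added example that is not part of the thread and not code from either poster. It assumes a toy model: the provider's directory is a dictionary keyed by address (standing in for whatever SRV/HTTPS discovery point 2 settles on), user keys are finite-field Diffie-Hellman values over RFC 3526 group 14 so that it runs on the standard library alone, and the "encryption" is an unauthenticated HMAC keystream. The addresses, class names and message bodies are constructed for the example; a real deployment would use PGP or S/MIME keys, but the attack and the check are the same.

```python
"""Toy model: the mail provider as key server, a rogue provider, and fingerprint pinning.

Added example, not from the thread. DH over RFC 3526 group 14 stands in for any
public-key scheme; the directory stands in for the provider-run key server.
"""
import hashlib
import hmac
import secrets

# RFC 3526 2048-bit MODP group (group 14), generator 2, transcribed here so the
# example needs no third-party crypto library. Nothing below depends on the group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


class KeyMismatch(Exception):
    """The directory served a key whose fingerprint differs from the one the sender pinned."""


def keygen():
    """(private, public) DH pair; stands in for a user's PGP/S/MIME key pair."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short SHA-256 fingerprint, the value two users would compare out of band."""
    return hashlib.sha256(pub.to_bytes(256, "big")).hexdigest()[:16]


def shared_key(priv, peer_pub):
    """DH agreement hashed to a 32-byte symmetric key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(256, "big")).digest()


def xor_stream(key, data):
    """Toy keystream cipher (HMAC-SHA256 in counter mode, unauthenticated). Illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class ProviderDirectory:
    """The recipient's mail provider doubling as key server, as proposed in the thread."""

    def __init__(self):
        self.published = {}   # address -> public value currently served
        self.interposed = {}  # address -> provider's own private key once it goes rogue

    def register(self, address, pub):
        self.published[address] = pub

    def lookup(self, address):
        return self.published[address]

    def go_rogue(self, address):
        """Point 3: the provider serves its own key in place of the user's."""
        priv, pub = keygen()
        self.interposed[address] = priv
        self.published[address] = pub


class Sender:
    """An MUA that fetches the recipient's key from the provider's directory before encrypting."""

    def __init__(self, pin_first_seen):
        self.priv, self.pub = keygen()
        self.pin_first_seen = pin_first_seen  # trust-on-first-use pinning on/off
        self.pins = {}  # address -> fingerprint; may also be seeded from an out-of-band check

    def send(self, directory, address, plaintext):
        pub = directory.lookup(address)
        fp = fingerprint(pub)
        if self.pin_first_seen and self.pins.setdefault(address, fp) != fp:
            raise KeyMismatch(f"{address}: served {fp}, pinned {self.pins[address]}")
        return self.pub, xor_stream(shared_key(self.priv, pub), plaintext)


def scenario(pin_first_seen, rogue_from_start):
    """One send before and one after the provider turns rogue; report who could read what."""
    directory = ProviderDirectory()
    bob_priv, bob_pub = keygen()
    directory.register("bob@example.org", bob_pub)   # constructed address
    if rogue_from_start:
        directory.go_rogue("bob@example.org")
    alice = Sender(pin_first_seen)
    result = {"first_read_by_bob": None, "later_detected": False, "later_read_by_provider": None}

    sender_pub, ct = alice.send(directory, "bob@example.org", b"first message")
    result["first_read_by_bob"] = xor_stream(shared_key(bob_priv, sender_pub), ct) == b"first message"
    if not rogue_from_start:
        directory.go_rogue("bob@example.org")
    try:
        sender_pub, ct = alice.send(directory, "bob@example.org", b"second message")
    except KeyMismatch:
        result["later_detected"] = True
        return result
    mitm_priv = directory.interposed["bob@example.org"]
    result["later_read_by_provider"] = xor_stream(shared_key(mitm_priv, sender_pub), ct) == b"second message"
    return result


if __name__ == "__main__":
    for args in [(False, False), (True, False), (True, True)]:
        print(args, scenario(*args))
```

With no pinning the provider can swap keys at any time and read the mail. Trust-on-first-use pinning catches a provider that turns rogue after first contact, but a provider that serves the wrong key from the start is pinned as if it were Bob, which is exactly the trust question in point 3; only a fingerprint seeded into `pins` from an out-of-band comparison closes that case.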