IETF Logo Mail Archive

Re: Why are mail servers not also key servers?

Jon <jmoroney@hawaii.edu> Thu, 20 April 2017 17:01 UTC

Return-Path: <jmoroney@hawaii.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DA51131499 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:01:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hawaii-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JyMEUNk0aY30 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:01:17 -0700 (PDT)
Received: from mail-wr0-x235.google.com (mail-wr0-x235.google.com [IPv6:2a00:1450:400c:c0c::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C687129ADC for <ietf@ietf.org>; Thu, 20 Apr 2017 10:01:16 -0700 (PDT)
Received: by mail-wr0-x235.google.com with SMTP id w50so16450912wrc.0 for <ietf@ietf.org>; Thu, 20 Apr 2017 10:01:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hawaii-edu.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=8XGY3y/szkeekvj3Jh35sqJqaIPy8ejgGrIe8+fvsMQ=; b=UpN9NeK/VkT7pOpfc40ceKT9cuGD2F98LZ/zwJ7U4lvkvxhG2mgbyhJZXo25/2JExD EgKUJYS+4E+NqXdf8V7LzkItboQ0yrp89RMhC8u3/7WJjVWDb8qlGBHD+hWoqIqkjMyY jIo3EY6wRC9S/O3XZx6d28l+DLr3Pgmes9ZwiMz7+QGzZIa0gKEyQCr/pVLxTYjOLIFn TNQNyYACs4xxNFAqyiNz7DNd4cmzzF11+uGhNj/WXJzvJg2eJ0QdAm0ajZ9glUk8yLuW CPxm7eRjJqmFXYU8kxJ9D3FqFMaErWYzpjykdvEEf1lt5AMap/aNgnIe7A6eB++9OM2z 87iA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=8XGY3y/szkeekvj3Jh35sqJqaIPy8ejgGrIe8+fvsMQ=; b=bESSyOpeJP2ZGWRycnNSloqwnh/Z8fqppAD85RNoS75CBCzoCmMHyOXMjbt/fQ1ASH 0n0HQ09tza4yfYJcKQzFIjooMsNDXhh+b3e4MdkA/i3dAmumCk61/u0jC/W3DRHN2TeU znfwIiskDALp5z0OiAKahZQ684uNz2F9GJsZEiD9I1wSnIO88MWAl4nzjzwcEBxFWw3Y iHUJ/EpP6Fh9q1bYMP+Zy6zK/O+0oOh4YIcVG3XL5yZWnRlBT7ol+RmdK/c74o31+3ih 5NKnUE6J8jKxFi0xUTyTyRKorxECWTvgONcu5I602IRV7zQzH3wYfKTnKnLv720jW0Pd F5ig==
X-Gm-Message-State: AN3rC/4hlE3A13B9Ga5zUG4WfNYvowqq/IUkS7g+QUfdqpdlcG4jP+3P UjWVk7I4ulxgBljk4PIo+rbHeLdz04N/s6+b3uJlcJsWCOdUOnf3lLpLAllx6p+3x8FQ4HguDg6 Ez7PdiUntbg+WXBCZHVGV8GkOTr50SYhCVtvZgNE=
X-Received: by 10.223.131.226 with SMTP id 89mr9372130wre.111.1492707675043; Thu, 20 Apr 2017 10:01:15 -0700 (PDT)
Received: from [192.168.1.213] (4daeb4bb.ftth.telfortglasvezel.nl. [77.174.180.187]) by smtp.gmail.com with ESMTPSA id p197sm8733268wmb.34.2017.04.20.10.01.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Apr 2017 10:01:14 -0700 (PDT)
Subject: Re: Why are mail servers not also key servers?
To: Yoav Nir <ynir.ietf@gmail.com>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com>
Cc: ietf@ietf.org
From: Jon <jmoroney@hawaii.edu>
Message-ID: <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu>
Date: Thu, 20 Apr 2017 19:01:05 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="PHlwTFVOwAS71OJ4BaMN9e04CNIf61J2P"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/zM77VG1dPgIWSj5PePz5UYoeX8Y>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 17:01:20 -0000

On 20/04/2017 16:29, Yoav Nir wrote:
>> *SNIP*
> I’m sure such things have been considered in the past, and for certain
> SMTP could be extended. I can think of a few complications right of the
> top of my head. There are undoubtedly others:
> 
> 1. People use multiple MUAs. For this account I use this Mac MUA, a
> phone MUA, and occasionally the web-based MUA. I’d need to share the
> private key to receive encrypted mail on all three. Doing it in the
> browser is a hard problem.
> 
This is why I think smtp should be extended. All your mail agents
support (E)SMTP and presumably they would all support an extension to
smtp. The private keys will need to be stored some how to allow for
multiple clients, but a key generated from user input could be used to
decrypt a stored copy of the private key.

> 2. There’s the administrative problem of tying the SMTP server to
> whatever server is serving the public keys. HTTPS from the same IP
> address? New special DNS SRV record somehow tied to the gmail.com
> <http://gmail.com> MX record?
> 
Indeed there is an administrative problem. I've done a project I call
CMTP that takes a very federated, hand off stance on this to keep
administration down.
https://github.com/darakian/cmtp
tl;dr servers have keys and sign transactions. The server key is simply
requested and is trusted on first use.

> 3. How much to you trust your email provider? Because they could
> trivially serve the wrong public key and intercept your traffic.
> 
I really dislike this argument. You, me, and many others already trust
our mail servers in the same capacity. Sure a mail server could serve
the wrong key and then my mail ends up in a nefarious villains hands,
but that is already the case today. If there's some degree of
confidentiality we at least have traffic interception as a possible case
rather than the default.


Jon

v2.23.0 | Report a Bug | By Email