Re: Why are mail servers not also key servers?
Jon <jmoroney@hawaii.edu> Thu, 20 April 2017 17:01 UTC
Return-Path: <jmoroney@hawaii.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DA51131499 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:01:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hawaii-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JyMEUNk0aY30 for <ietf@ietfa.amsl.com>; Thu, 20 Apr 2017 10:01:17 -0700 (PDT)
Received: from mail-wr0-x235.google.com (mail-wr0-x235.google.com [IPv6:2a00:1450:400c:c0c::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C687129ADC for <ietf@ietf.org>; Thu, 20 Apr 2017 10:01:16 -0700 (PDT)
Received: by mail-wr0-x235.google.com with SMTP id w50so16450912wrc.0 for <ietf@ietf.org>; Thu, 20 Apr 2017 10:01:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hawaii-edu.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=8XGY3y/szkeekvj3Jh35sqJqaIPy8ejgGrIe8+fvsMQ=; b=UpN9NeK/VkT7pOpfc40ceKT9cuGD2F98LZ/zwJ7U4lvkvxhG2mgbyhJZXo25/2JExD EgKUJYS+4E+NqXdf8V7LzkItboQ0yrp89RMhC8u3/7WJjVWDb8qlGBHD+hWoqIqkjMyY jIo3EY6wRC9S/O3XZx6d28l+DLr3Pgmes9ZwiMz7+QGzZIa0gKEyQCr/pVLxTYjOLIFn TNQNyYACs4xxNFAqyiNz7DNd4cmzzF11+uGhNj/WXJzvJg2eJ0QdAm0ajZ9glUk8yLuW CPxm7eRjJqmFXYU8kxJ9D3FqFMaErWYzpjykdvEEf1lt5AMap/aNgnIe7A6eB++9OM2z 87iA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=8XGY3y/szkeekvj3Jh35sqJqaIPy8ejgGrIe8+fvsMQ=; b=bESSyOpeJP2ZGWRycnNSloqwnh/Z8fqppAD85RNoS75CBCzoCmMHyOXMjbt/fQ1ASH 0n0HQ09tza4yfYJcKQzFIjooMsNDXhh+b3e4MdkA/i3dAmumCk61/u0jC/W3DRHN2TeU znfwIiskDALp5z0OiAKahZQ684uNz2F9GJsZEiD9I1wSnIO88MWAl4nzjzwcEBxFWw3Y iHUJ/EpP6Fh9q1bYMP+Zy6zK/O+0oOh4YIcVG3XL5yZWnRlBT7ol+RmdK/c74o31+3ih 5NKnUE6J8jKxFi0xUTyTyRKorxECWTvgONcu5I602IRV7zQzH3wYfKTnKnLv720jW0Pd F5ig==
X-Gm-Message-State: AN3rC/4hlE3A13B9Ga5zUG4WfNYvowqq/IUkS7g+QUfdqpdlcG4jP+3P UjWVk7I4ulxgBljk4PIo+rbHeLdz04N/s6+b3uJlcJsWCOdUOnf3lLpLAllx6p+3x8FQ4HguDg6 Ez7PdiUntbg+WXBCZHVGV8GkOTr50SYhCVtvZgNE=
X-Received: by 10.223.131.226 with SMTP id 89mr9372130wre.111.1492707675043; Thu, 20 Apr 2017 10:01:15 -0700 (PDT)
Received: from [192.168.1.213] (4daeb4bb.ftth.telfortglasvezel.nl. [77.174.180.187]) by smtp.gmail.com with ESMTPSA id p197sm8733268wmb.34.2017.04.20.10.01.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Apr 2017 10:01:14 -0700 (PDT)
Subject: Re: Why are mail servers not also key servers?
To: Yoav Nir <ynir.ietf@gmail.com>
References: <849511c0-6526-ecbe-2b56-7b459eaf010b@hawaii.edu> <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com>
Cc: ietf@ietf.org
From: Jon <jmoroney@hawaii.edu>
Message-ID: <82ab9e4d-05ba-bc39-c7d1-bda6ee8d9be5@hawaii.edu>
Date: Thu, 20 Apr 2017 19:01:05 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <B897A3A3-4A47-4C74-B79F-4F93C86A338C@gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="PHlwTFVOwAS71OJ4BaMN9e04CNIf61J2P"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/zM77VG1dPgIWSj5PePz5UYoeX8Y>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 17:01:20 -0000
On 20/04/2017 16:29, Yoav Nir wrote: >> *SNIP* > I’m sure such things have been considered in the past, and for certain > SMTP could be extended. I can think of a few complications right of the > top of my head. There are undoubtedly others: > > 1. People use multiple MUAs. For this account I use this Mac MUA, a > phone MUA, and occasionally the web-based MUA. I’d need to share the > private key to receive encrypted mail on all three. Doing it in the > browser is a hard problem. > This is why I think smtp should be extended. All your mail agents support (E)SMTP and presumably they would all support an extension to smtp. The private keys will need to be stored some how to allow for multiple clients, but a key generated from user input could be used to decrypt a stored copy of the private key. > 2. There’s the administrative problem of tying the SMTP server to > whatever server is serving the public keys. HTTPS from the same IP > address? New special DNS SRV record somehow tied to the gmail.com > <http://gmail.com> MX record? > Indeed there is an administrative problem. I've done a project I call CMTP that takes a very federated, hand off stance on this to keep administration down. https://github.com/darakian/cmtp tl;dr servers have keys and sign transactions. The server key is simply requested and is trusted on first use. > 3. How much to you trust your email provider? Because they could > trivially serve the wrong public key and intercept your traffic. > I really dislike this argument. You, me, and many others already trust our mail servers in the same capacity. Sure a mail server could serve the wrong key and then my mail ends up in a nefarious villains hands, but that is already the case today. If there's some degree of confidentiality we at least have traffic interception as a possible case rather than the default. Jon
- Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Yoav Nir
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Matthew Kerwin
- Re: Why are mail servers not also key servers? Jon
- Re: Why are mail servers not also key servers? Nico Williams
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Viktor Dukhovni
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Paul Wouters
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- RE: Why are mail servers not also key servers? Paul Wouters
- RE: Why are mail servers not also key servers? Rui Costa
- RE: Why are mail servers not also key servers? Rui Costa
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? John Levine
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Rich Kulawiec
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? John C Klensin
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Philip Homburg
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Wei Chuang
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? John R Levine
- Re: Why are mail servers not also key servers? Martin Thomson
- Re: Why are mail servers not also key servers? Phillip Hallam-Baker
- Re: Why are mail servers not also key servers? Dave Crocker
- Re: Why are mail servers not also key servers? Doug Royer
- Re: Why are mail servers not also key servers? Doug Royer