[saag] will email key discovery be done by MUAs or MTAs/MSAs? (was: IETF 93 Agenda Request - Key Discovery)
Keith Moore <moore@network-heretics.com> Fri, 24 July 2015 21:04 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A8AE1ACDCA for <saag@ietfa.amsl.com>; Fri, 24 Jul 2015 14:04:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sHfFo33w9GVV for <saag@ietfa.amsl.com>; Fri, 24 Jul 2015 14:04:09 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CDC91A9047 for <saag@ietf.org>; Fri, 24 Jul 2015 14:04:04 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id CCE11204B3 for <saag@ietf.org>; Fri, 24 Jul 2015 17:04:03 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute3.internal (MEProxy); Fri, 24 Jul 2015 17:04:03 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=6FEuEYjvY1gFtzmvoQXvJWik5s4=; b=qizk7 IJz20A6u8vorIMvxLPmUbviVI++xGl3/Jl2POFsZVuBd2hXfg3uGQgqLGgelESjo /u4s4qyNl41ahvyqfWuc2msWV6nT0F6jFTlVNR5IRWS+zTkkl87MRbH3CHjEkxEI +cylojN/x+qFzy592dcyz80GU7TRsP3d47utBE=
X-Sasl-enc: Ts7EDZl2SxUNAcLa4hZ04+TCXxC5l347cpHslOZZiC90 1437771843
Received: from [192.168.1.66] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 53ECC6800A8; Fri, 24 Jul 2015 17:04:03 -0400 (EDT)
Message-ID: <55B2A83F.90905@network-heretics.com>
Date: Fri, 24 Jul 2015 17:03:59 -0400
From: Keith Moore <moore@network-heretics.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: saag@ietf.org
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/ZklpEvrsRnFx3Nwp2R3aWIDwulY>
Subject: [saag] will email key discovery be done by MUAs or MTAs/MSAs? (was: IETF 93 Agenda Request - Key Discovery)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2015 21:04:11 -0000
Matt Miller wrote: > I think key discovery will be used far far more by MUAs than MTAs or MSAs. As much as I would prefer that all MUAs implement key discovery and encryption, I actually suspect that key discovery will be used more frequently by MSAs than by MUAs, at least in the near term. Part of the reason for this is that it's much easier to deploy: MSAs are better maintained, less diverse, and easier to upgrade than MUAs. Another part of the reason is that various enterprises have legal or other requirements for logging of outgoing mail, which is easier to implement if encryption (and thus key lookup) are done in the MSA. MUAs should of course be capable of doing key lookup and encryption, but some enterprise MSAs might be configured to refuse to deliver encrypted messages. But, really, the effort of implementing client query code for either AQRY or webfinger (regardless of whether done on an MSA or MUA) is minimal. That's not an important distinction between the two. The important distinctions are things like: how to keep the interpretation of an address consistent with that mail domain's interpretation of the address, how to deal with things like mail forwarding and aliasing, how to verify that the information obtained is authentic, how to optimize deployability, etc. Keith