On Thu, Apr 02, 2015 at 06:52:33PM +0200, Christian Rößner wrote:
> > libsmaug uses these labels (as well as our soon-to-be available
> > provisioning portal).
>
> Just a question for ._encr and ._sign:
>
> Do you really plan to store private keys in public DNS? Is it, what ._sign
> will be used for? Isn't this really a security issue?

No, they are public keys in both cases. Some public keys are for
signing only, others are for encryption (which means that they can
receive encrypted content).

The idea that these need separate locations in DNS has not seen
much support on this list. In consumer deployments, I don't see
such separation as likely to take place.

In enterprise deployments, I expect implementations will publish
gateway keys that decrypt the email, apply various content policies,
and then sometimes deliver re-encrypted content to the end-user,
but using keys that the outside world does not see.

--
Viktor.

To be honest, I don't expect encrypted messages in the mailbox to
ever be very popular, encrypted storage is just too inconvenient
for most users. End-to-end is good for live conversations, but
not so well suited to archived communication. We can try to make
it more usable for those willing to put up with the inconvenience,
but I would not really expect large-scale adoption.

That's a personal best guess of course, I am willing to be proved
wrong.
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane