On Tue, Jul 21, 2015 at 07:29:01PM +0100, Jeremy Harris wrote:

> On 21/07/15 16:30, Viktor Dukhovni wrote:
> > However, to be honest I still fear that for lookups of end-to-end
> > email crypto keys, DNS may not be the right protocol.
> 
> Also playing in this space:
> 
> https://tools.ietf.org/html/draft-moore-email-addrquery-01
> 
> - an smtp extension for doing this sort of lookup.

Which proxies the queries via TLS through the MSA (post authentication),
thus introducing no new privacy issues, since once the mail is
sent, the MSA sees the envelope recipients anyway.

The MSA will then proxy the request also via TLS, and ideally
authenticate the request via DANE (this leg is an MTA-to-MTA SMTP
operation).  With a bit of work, this proposal seems promising.

We also have:

    https://tools.ietf.org/html/draft-miller-saag-key-discovery-00

which at first glance is not a step in the right direction.

-- 
        Viktor.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
