I've been wondering about this. When I think about using crypto (whether encryption or signatures), it seems like requiring a discovery mechanism was increasing the burden. For many of my correspondents, with whom I'm currently communicating in the clear, a TOFU key exchange in those emails (authenticated out-of-band) might be a plausible mechanism.
Take current implementations of S/MIME and adjust them to allow self-signed certificates in addition to (or instead of) ones signed by a list of CAs configured into the MUA.
All done. In my experience, the main problems with S/MIME are key distribution and key discovery. For key distribution, you need to go to someplace like Comodo or Startcom to get a signed cert, which goes into your browser, and then you need to do some grotty software specific thing to export it from the browser and import it into the MUA. For key discovery, in practice everyone populates their keystores with certs from incoming signed mail, which is supposed to be safe because it only accepts keys that are signed. It is supposed to be possible to get keys via LDAP from a key server, but people don't do that. A system with key discovery, so you can send all mail encrypted to someone, including the first one, seems more useful than one that requires an insecure handshake first. Key distribtion via DANE could be a reasonable approach. R's, John
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Endymail mailing list [email protected] https://www.ietf.org/mailman/listinfo/endymail
