On Mon, Nov 17, 2014 at 02:34:06AM -0500, Paul Wouters wrote:

> >Users likely also need to store old private keys forever so that
> >old mail can still be read.  The complete architecture for encrypted
> >email has many parts we're not making explicit, but all have a
> >bearing on key management requirements for MUAs.
> 
> I'd call that out of scope. I think of OPENPGPKEY as a transport plus
> data at rest protection while in transit. Once the final end user gets
> the email, I expect their email client to decrypt it and store it
> locally, so it remains searchable, indexable, etc. I also expect them
> to use full disk encryption to protect all their email. This method
> does not require keeping old private keys.

It is out of scope for the DANE SMIMEA and OPENPGP documents, but
it is not out of scope for an architecture or requirements document.
The pieces have to fit together.

Decrypted local storage is a fine model.  We need more MUAs that
support that mode of operation.  We also need to consider the
implications for sign-then-encrypt vs. encrypt-then-sign, and how
signature validation status is retained.  Yes, of course not in
the DANE-specific documents, but these should be part of a more
complete architecture (IIRC something along those lines is an argument
that PHB is making).

-- 
        Viktor.

_______________________________________________
Endymail mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/endymail
