Bear in mind another reason the web uses standalone certs - even with 100% fast reliable key servers, doing lookups out of band would leak private browsing data to the CA's/keyservers. Data that they don't want to receive, but could be forced to keep by data retention laws anyway. This problem seems to also exist with email. When you can verify a key by just verifying a bundled cert chain, this problem goes away.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
