On Sat, Oct 26, 2013 at 1:31 PM, Phillip Hallam-Baker <[email protected]> wrote:
> The other advantage to using message layer security is that it is possible > to force use of encryption. So for example, let us imagine that I have an > outbound mail server that knows how to resolve key identifiers to public > keys using some protocol (Vcard, WebFinger, WKS, wev). I can poke the > outbound mail server to automatically encrypt messages if the email address > has a particular escape code in it. At the moment I am using a question > mark. Would it be worthwhile to try to include as many ways of turning identifiers into keys as possible, to compare and contrast, to make it as difficult as feasible for any particular MITM to subvert all of them? Or should the server simply go through a list of possible key sources until it finds one; or should a particular form of key retrieval be set as the only method? Thank you for your time, -- DataPacRat "Then again, I could be wrong." _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
