On Sat, Oct 26, 2013 at 2:37 PM, Paul Wouters <[email protected]> wrote:

> On Sat, 26 Oct 2013, Phillip Hallam-Baker wrote:
>
>> I can't see much point in applying and removing PGP and/or S/MIME at the
>> start and end of the TLS tunnel.
>
> Exactly. If you do that, you should encrypt it to the _recipients_
> private key, not some random mailserver's private key.
>
> which brings us back to draft-wouters-dane-openpgp-01


I don't see much point in trying to couple DANE to PGP.

I don't care about sending mail to cypherpunks.ca <[email protected]>, I
care about sending it to Paul Wouters.

Except in very rare instances where an individual controls the domain or if
I am sending to an enterprise, the domain is going to be pretty much
irrelevant to authenticating the key.


Locking down the mailserver key with DANE makes perfect sense. In fact that
is the only reason I can see to do DNSSEC right now.



-- 
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass