Why do we even need DNS and names for email encryption? The path/address to reach a peer should be independent of the cryptographic identity used for peer-to-peer authentication/encryption.
IMHO we should be looking at key-centric approaches that loosely bind one or more sets of names/email addresses to public key identifiers.

Paul

On 12/29/13, 11:38 AM, "Watson Ladd" <[email protected]> wrote:

>One obvious solution for end-to-end email encryption is to use
>ID-based cryptography: a new record type would be defined in the DNS
>containing the system key for an ID-based system, and the username
>(everything before the '@') would be the identity used. This would not
>obscure addresses or the fact of communication right now, but would
>prevent interception at intermediate nodes. It would be webmail
>compatible.
>
>Are there any issues beyond the merely cryptographic that I need to
>consider here? Can this be shoehorned into S/MIME, or do we need to do
>something new? In the next few days I will try to make a
>draft/implementation for this.
>
>Sincerely,
>Watson Ladd
>_______________________________________________
>perpass mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/perpass
