On Sun, Apr 19, 2015 at 7:53 AM, Paul Wouters <[email protected]> wrote:
> On Sat, 19 Apr 2015, John Levine wrote:
>
>>> -Key discovery in email has been kicked around a bunch, but no
>>> reasonable proposals yet. Doesn't seem that hard.
>>
>> There's a draft in DANE which I think is fatally flawed for reasons
>> that boil down to DNS lookups are utterly unlike mailbox lookups.
>>
>> I agree it's not that hard. Something like webfinger with the http
>> server found via SRV should work.
>
> And at the dane list it is also discussed why others think the current
> proposal(s) work well for real life mailboxes, and why out-of-band
> key discovery for email boxes is very problematic.
There's a difference between actually solving a problem, and making a
stab at a solution. Unless you are a mail provider, you don't know
what's actually deployable. In fact, adding SMTP commands and extra
headers containing keys is probably much less burdensome from an
operational perspective: patching software vs. hooking things up in
weird ways.

Proposals need to answer the following questions:

1: Who gets to say which key to use?
2: How is key rotation handled?
3: Is this going to be compatible with Google/Yahoo/Microsoft's existing
   way of doing things?
4: How hard is it to start using the new system?

As far as I can tell, the DANE based solution doesn't answer much of this.

Sincerely,
Watson Ladd

> For perpass people not on the dane list, the proposals for key discovery
> for verifying and encrypting email are:
>
> https://tools.ietf.org/html/draft-ietf-dane-openpgpkey-03
>
> https://tools.ietf.org/html/draft-ietf-dane-smime-08
>
> Paul
>
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass

--
"Man is born free, but everywhere he is in chains". --Rousseau.
