E-mail is not an online protocol between two MUAs. When you send an e-mail your MUA is not talking directly to the recipient's MUA, and there are no automated replies except for vacation replies.
Thus in a cold-call e-mail send you have no knowledge about the recipient's MUA's capabilities. You can only sign your e-mail and hope that the recipient can validate the signature. If you know the recipient's public key and can derive some knowledge about the recipient's MUA's capabilities from that public key and surrounding material, such as a certificate or other metadata, then you can send signed and encrypted e-mail to them. The required metadata (the recipient's MUA's capabilities) is found where the recipient's public key is found. That metadata has to be somewhere, but e-mail headers aren't that somewhere. This limits your and your correspondents' ability to switch to other MUAs: they'd better support the capabilities that you've advertised with your keys.

Sure, we could build a TLS-like protocol out of e-mail, if MUAs knew how to speak to each other over the mail network. You'd say you want to send e-mail to [email protected] and your MUA could send a specially crafted e-mail that Joe's MUA understands as a ClientHello (and which Joe wouldn't see, as it would do Joe no good to see it), responding with a ServerHello and so on, and then you have a session key that you can use to send encrypted mail to Joe. And then we'd need to negotiate cipher suites and such, just like TLS.

But that's not how e-mail works. You send an e-mail, and hopefully it gets there, and there's no automatic ping-pong until keys are established; there's only that one e-mail. That's why S/MIME and PGP work the way they do.

There are reasons why S/MIME and PGP haven't become killer apps (and someone who knows much more about them than I can lay them out), but the lack of a header by which to communicate MUA capabilities is not one of them; we would have solved that long ago if it had been.

Nico

-- 
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
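The one-shot model the post describes, as an added example that is not part of Nico's message and not S/MIME or PGP code: the sender looks up a key record that carries both the recipient's public keys and a capability flag published alongside them, signs the body, and encrypts it only if that flag is present; otherwise it can only sign and hope. There is no reply before the message goes out, and the recipient needs nothing beyond the message and the sender's own key record to open it. The `KeyRecord`, `Message` and `Identity` types, the capability name `aes-256-gcm+rsa-oaep`, the addresses, and the choice of RSA-OAEP for key wrapping, AES-GCM for the body and Ed25519 for the signature are all constructed for this example using only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// capEncrypt is a constructed capability name; no real key-discovery format is implied.
const capEncrypt = "aes-256-gcm+rsa-oaep"

// KeyRecord is what a sender can look up before sending: public keys plus the MUA
// capability metadata, published wherever the keys are (constructed for this example).
type KeyRecord struct {
	Addr         string
	EncKey       *rsa.PublicKey    // wraps the per-message session key
	SigKey       ed25519.PublicKey // verifies that correspondent's signatures
	Capabilities map[string]bool
}

// Message is the one e-mail that goes out; no handshake precedes it, so everything the
// recipient needs is inside it plus the sender's KeyRecord they already hold.
type Message struct {
	From       string
	WrappedKey []byte // RSA-OAEP(session key); empty when the message is signed only
	Nonce      []byte
	Body       []byte // AES-GCM(sig || plaintext) when encrypted, else sig || plaintext
}

// Identity bundles a participant's private keys with the KeyRecord others look up.
type Identity struct {
	Dec  *rsa.PrivateKey
	Sign ed25519.PrivateKey
	Rec  *KeyRecord
}

// NewIdentity generates fresh keys and publishes caps alongside them (nil means none).
func NewIdentity(addr string, caps map[string]bool) (*Identity, error) {
	dec, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	rec := &KeyRecord{Addr: addr, EncKey: &dec.PublicKey, SigKey: pub, Capabilities: caps}
	return &Identity{Dec: dec, Sign: priv, Rec: rec}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Compose always signs; it encrypts only when the recipient's KeyRecord advertises the
// capability. With no record (nil) or no capability the sender can only sign and hope.
func Compose(from string, signKey ed25519.PrivateKey, rcpt *KeyRecord, body []byte) (*Message, error) {
	inner := append(ed25519.Sign(signKey, body), body...) // sign-then-encrypt: signature rides inside
	msg := &Message{From: from, Body: inner}
	if rcpt == nil || !rcpt.Capabilities[capEncrypt] { return msg, nil } // signed only
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rcpt.EncKey, sessionKey, []byte(capEncrypt))
	if err != nil { return nil, err }
	gcm, err := newGCM(sessionKey)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	msg.WrappedKey, msg.Nonce = wrapped, nonce
	msg.Body = gcm.Seal(nil, nonce, inner, []byte(from)) // AAD binds the sender address
	return msg, nil
}

// Open is the recipient side: unwrap and decrypt if needed, then verify the signature
// against the sender's published SigKey (nil sender: the recipient holds no key for them).
func Open(decKey *rsa.PrivateKey, sender *KeyRecord, msg *Message) ([]byte, error) {
	inner := msg.Body
	if len(msg.WrappedKey) > 0 {
		sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, decKey, msg.WrappedKey, []byte(capEncrypt))
		if err != nil { return nil, err }
		gcm, err := newGCM(sessionKey)
		if err != nil { return nil, err }
		if inner, err = gcm.Open(nil, msg.Nonce, msg.Body, []byte(msg.From)); err != nil { return nil, err }
	}
	if len(inner) < ed25519.SignatureSize { return nil, errors.New("truncated message") }
	sig, body := inner[:ed25519.SignatureSize], inner[ed25519.SignatureSize:]
	if sender == nil || !ed25519.Verify(sender.SigKey, body, sig) { return nil, errors.New("signature does not verify") }
	return body, nil
}

func main() {
	alice, _ := NewIdentity("alice@example.com", map[string]bool{capEncrypt: true})
	joe, _ := NewIdentity("joe@example.com", map[string]bool{capEncrypt: true})
	msg, _ := Compose(alice.Rec.Addr, alice.Sign, joe.Rec, []byte("meet at 10"))
	body, err := Open(joe.Dec, alice.Rec, msg)
	fmt.Printf("encrypted=%v body=%q err=%v\n", len(msg.WrappedKey) > 0, body, err)
}
```

Two properties of the post's argument show up directly in the code: the capability check in `Compose` can only consult data that arrived with the recipient's key, because nothing else is known before the single send, and a recipient whose record advertises no capability still gets a verifiable signed message rather than nothing. Swapping `Open` to a recipient whose key is not the one in the record, or removing the sender's record, fails the way a real MUA would: decryption or verification fails, and no second round trip exists to recover.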
