[16197] in cryptography@c2.net mail archive
Re: public-key: the wrong model for email?
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Fri Sep 17 16:30:52 2004
X-Original-To: cryptography@metzdowd.com
Date: Fri, 17 Sep 2004 22:28:51 +0200
From: Eugen Leitl <eugen@leitl.org>
To: Cryptography List <cryptography@metzdowd.com>
On Fri, Sep 17, 2004 at 07:35:09PM +0100, Ian Grigg wrote:
> Oh, that's really easy. Each mailer (MUA) should (on
> install) generate a self-signed cert. Stick the fingerprint
apt-get install postfix-tls
All right, this still doesn't generate the certs, nor reference them in the
main.cf.
> in the headers of every mail going out. An MUA that sees
> the fingerprint in an incoming mail can send a request email
> to acquire the full key. Or stick the entire cert in there,
> it's not as if anyone would care.
I would cache the cert fingerprints, and log when those change.
> Then each MUA can start encrypting to that key opportunistically.
Start/TLS does encrypt my mail far more often than PGP/GPG.
> Lots of variations. But the key thing is that the MUA
> should simply generate the key, sign it, and send it out
> on demand, or more frequently. There's really no reason
> why this can't all be automated. After all, the existing
> email system is automated, and trusted well enough to
> deliver email, so why can't it deliver self-signed certs?
Talk to Exim/Postfix maintainers. They should ship self-signed cert Start/TLS
config out of the box. Even without cert caching, that'd require a MITM.
Not exactly cheap, and prone to detection, if practiced on a nonnegligible
scale (fingerprint checking).
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
----- End forwarded message -----
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
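The message proposes two things that can be shown in code: pin the fingerprint of the certificate each mail peer presents and log when it changes (trust on first use), and note that opportunistic STARTTLS against self-signed certificates only forces an attacker into an active MITM, which such a cache makes visible. The block below is an added example written for this archive page; it is not code from the original message, from Postfix or from Exim. The host name mx.example.org and the byte strings standing in for DER-encoded certificates are constructed for the offline demonstration; the live STARTTLS fetch uses only the standard smtplib and ssl modules and needs network access.

```python
"""Trust-on-first-use (TOFU) fingerprint cache for SMTP STARTTLS peers.

Added example, not code from the original message. It does what the
message suggests: cache the fingerprint of the certificate each peer
presents and log when it changes. A change is not proof of an attack
(operators do rotate self-signed certs), so it is logged and reported,
not acted on automatically.
"""
import hashlib
import json
import logging
import smtplib
import ssl
from pathlib import Path

log = logging.getLogger("tofu")


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER bytes, formatted like `openssl x509 -fingerprint -sha256`."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class FingerprintCache:
    """Maps peer name -> pinned fingerprint. Persisted as JSON when a path is given."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.entries = {}
        if self.path and self.path.exists():
            self.entries = json.loads(self.path.read_text())

    def check(self, peer: str, der_cert: bytes) -> str:
        """Record or compare the certificate a peer presented.

        Returns "new" (first contact, fingerprint pinned), "unchanged"
        (matches the pin) or "changed" (mismatch: logged at WARNING, and
        the old pin is kept so the change stays visible until an operator
        accepts it).
        """
        fp = fingerprint(der_cert)
        pinned = self.entries.get(peer)
        if pinned is None:
            self.entries[peer] = fp
            self._save()
            log.info("pinned %s %s", peer, fp)
            return "new"
        if pinned == fp:
            return "unchanged"
        log.warning("certificate for %s changed: pinned %s, now %s", peer, pinned, fp)
        return "changed"

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.entries, indent=1))


def fetch_peer_cert(host: str, port: int = 25, timeout: float = 10.0) -> bytes:
    """Connect, issue STARTTLS and return the DER certificate the peer presented.

    Chain verification is deliberately off: a self-signed certificate would
    fail it, and the point is to obtain the cert so the cache can pin it.
    Needs network access; the offline demo below does not call it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


# Constructed stand-ins for DER certificate bytes (real certs are far longer;
# only the hash of the bytes matters to the cache).
CERT_A = b"constructed-der-bytes-mx-example-org-cert-1"
CERT_B = b"constructed-der-bytes-mx-example-org-cert-2"


def demo():
    """Offline walk-through: first contact, repeat contact, then a swapped cert."""
    cache = FingerprintCache()  # in-memory only; pass a path to persist
    return [cache.check("mx.example.org", CERT_A),
            cache.check("mx.example.org", CERT_A),
            cache.check("mx.example.org", CERT_B)]


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(demo())
```

The third call in demo() is the case the message cares about: a peer that suddenly presents a different certificate, which is what an active MITM on an unauthenticated STARTTLS session looks like from the client side. Run against a real server, pair fetch_peer_cert() with a persistent cache (FingerprintCache("pins.json")) and feed the WARNING lines to whatever watches the mail logs.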