[messaging] Thoughts on keyservers

Mike Hearn mike at plan99.net
Mon Aug 18 10:36:11 PDT 2014 

>
> Replacing the trust model with an improved system would seem to require
> rewriting the S/MIME
> implementation in every client.


Allowing multiple signatures to be attached to a mail and then teaching
email clients to only show "Valid signature" if there are enough probably
just involves new code rather than rewriting much existing code. But yes
it'd require changes to the clients.


> I've also never understood how keys
> are supposed to be distributed for global communication in S/MIME or
> if there's even a standard way to do this.
>

The way Mail.app seems to do it (not tried Thunderbird) is that when you
get a signed email, it saves the certificate to your local store. Once
you've received a signed message from someone your emails to them will be
automatically encrypted, but *only if you are also signing your mails*. The
apps don't like you sending unsigned email encrypted to someone else, which
is annoying.

So key distribution is basically decentralised and highly scalable, because
once you got your certificate issued there are no central servers involved
again, just email attachments. This seems like an attractive quality. In
particular it prevents any third party servers learning when you opened
mail.


> I mainly chose OpenPGP over S/MIME because I can extend it without
> depending on CAs to not reject certificates with new features


Yes, from an innovation/extensibility standpoint it's unfortunate that CA's
won't sign things they don't understand, although I understand why they
won't from a security POV (I probably wouldn't sign opaque data structures
that could mean anything either....). However for just adding thresholding
the certs can be the same, I'd think? You just need >1 of them.

Running a cheesy/low security CA is not very hard, it could be done on
AppEngine. I guess if cool new features were created and prototyped,
existing CA's could be persuaded to support new features. It's good
business for them - if the new features increase demand for certs, they
make more money.


> btw, Phillip Hallman-Baker is working on an S/MIME based system which
> also requires plenty of new infrastructure:
>
> http://prismproof.org/resources.html#specification
> <http://prismproof.org/resources.html#specifications>


Thanks, will check it out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140818/503102ed/attachment.html>

More information about the Messaging mailing list