[Cryptography] Encoding Key Identifiers in email addresses

David Mercer radix42 at gmail.com
Thu Oct 17 15:26:59 EDT 2013


On Wed, Oct 16, 2013 at 1:43 AM, Phillip Hallam-Baker <hallam at gmail.com> wrote:

> I was noodling round with the problem of how to force an existing client
> to do the right thing with respect to encryption. One option is to have an
> email gateway do opportunistic encryption if it can find a key. Which is OK
> but lacks user control.
>

*snip*

> An email sender may send email to Alice through a compliant gateway as
> follows:
>

*snip*

> ACACEA-H7MBAA-LAA2RMA-FUAAFQ-AADHAHS-KNAL3A-DPZJAJ-KAA?alice at example.com
> Send email to Alice using encryption if and only if an encryption key for
> Alice can be found that is directly endorsed under the specified key,
> otherwise report an error.
>
> ACACEA-H7MBAA-LAA2RMA-FUAAFQ-AADHAHS-KNAL3A-DPZJAJ-KAA??alice at example.com
> Send email to Alice using encryption if and only if an encryption key for
> Alice can be found that is (directly or indirectly) endorsed under the
> specified key, otherwise report an error.
>

This reminds me a lot of RFC 5233 email address local-part tagging, e.g.
having a client convert one of the above to
alice+ACACEA-H7MBAA-LAA2RMA-FUAAFQ-AADHAHS-KNAL3A-DPZJAJ-KAA at example.com
when it has the key.

The pity is that different systems use a different character: plus (gmail,
apple, lots of others), a hyphen (yahoo, qmail and courier, notably), an
equals sign (mmdf) or freaking anything (postfix, didn't look up if there
is an easily un-commentable default).

Having the key identifier to the left of the untagged local-part is a nice
twist; the client could then look up an attribute in its address book to
see if there was a local-part tag delimiter. This could ease automated
client and/or gateway processing of the encryption at either or both ends.

-- 
David Mercer
PGP Public Key: http://davidmercer.nfshost.com/radix42.pubkey.txt
Fingerprint: A24F 5816 2B08 5B37 5096  9F52 B182 3349 0F23 225B
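A small reference implementation of the two address forms discussed in this message (an added example, not code from either poster): it parses the key-tagged form, maps `?` versus `??` onto the direct-only versus direct-or-indirect endorsement policy, and rewrites the address into a per-system local-part tag using a constructed delimiter table that stands in for the address-book attribute proposed above. Plain `@` is used where the archive shows ` at `; the key-identifier alphabet, the `chain_length` notion and the delimiter table are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for the per-recipient address-book attribute: which
# character the recipient's mail system uses for local-part tagging.
SUBADDRESS_DELIMITERS: Dict[str, str] = {
    "gmail.com": "+",      # plus: gmail, apple and many others
    "yahoo.com": "-",      # hyphen: yahoo, qmail, courier
    "example.com": "+",
}

# Assumed shape of the key identifier: hyphen-separated groups of
# upper-case letters and digits, followed by '?' or '??', then the address.
_ADDR_RE = re.compile(
    r"^(?P<key>[A-Z0-9]+(?:-[A-Z0-9]+)*)(?P<mode>\?\??)"
    r"(?P<local>[^@?]+)@(?P<domain>[^@]+)$"
)


@dataclass(frozen=True)
class EncryptedAddress:
    key_id: str
    local_part: str
    domain: str
    allow_indirect: bool   # '?' = directly endorsed only, '??' = direct or indirect


def parse_encrypted_address(addr: str) -> EncryptedAddress:
    """Split 'KEYID?user@domain' / 'KEYID??user@domain' into its parts."""
    m = _ADDR_RE.match(addr.strip())
    if not m:
        raise ValueError(f"not a key-tagged address: {addr!r}")
    return EncryptedAddress(key_id=m["key"], local_part=m["local"],
                            domain=m["domain"].lower(),
                            allow_indirect=(m["mode"] == "??"))


def to_subaddress(p: EncryptedAddress,
                  delimiters: Dict[str, str] = SUBADDRESS_DELIMITERS) -> Optional[str]:
    """RFC 5233 style rewrite, 'user<delim>KEYID@domain', when the recipient
    system's delimiter is known; None means keep the original form."""
    delim = delimiters.get(p.domain)
    if delim is None:
        return None
    return f"{p.local_part}{delim}{p.key_id}@{p.domain}"


def endorsement_acceptable(p: EncryptedAddress, chain_length: int) -> bool:
    """chain_length is the number of endorsement hops from the specified key
    to the recipient key found (1 = directly endorsed, 0 = none found).
    False means the sender must report an error instead of encrypting."""
    if chain_length < 1:
        return False
    return chain_length == 1 or p.allow_indirect
```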