[Cryptography] Encoding Key Identifiers in email addresses
David Mercer
radix42 at gmail.com
Thu Oct 17 15:26:59 EDT 2013
On Wed, Oct 16, 2013 at 1:43 AM, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> I was noodling round with the problem of how to force an existing client
> to do the right thing with respect to encryption. One option is to have an
> email gateway do opportunistic encryption if it can find a key. Which is OK
> but lacks user control.
>
*snip*
> An email sender may send email to Alice through a compliant gateway as
> follows:
>
*snip*
> ACACEA-H7MBAA-LAA2RMA-FUAAFQ-AADHAHS-KNAL3A-DPZJAJ-KAA?alice at example.com
> Send email to Alice using encryption if and only if an encryption key for
> Alice can be found that is directly endorsed under the specified key,
> otherwise report an error.
>
> ACACEA-H7MBAA-LAA2RMA-FUAAFQ-AADHAHS-KNAL3A-DPZJAJ-KAA??alice at example.com
> Send email to Alice using encryption if and only if an encryption key for
> Alice can be found that is (directly or indirectly) endorsed under the
> specified key, otherwise report an error.
>
This reminds me a lot of RFC 5233 email address local-part tagging, e.g.
having a client convert one of the above to
alice+ACACEA-H7MBAA-LAA2RMA-FUAAFQ-AADHAHS-KNAL3A-DPZJAJ-KAA at example.com
when it has the key.
The pity is that different systems use a different character: plus (gmail,
apple, lots of others), a hyphen (yahoo, qmail and courier, notably), an
equals sign (mmdf) or freaking anything (postfix, didn't look up if there
is an easily un-commentable default).
Having the key identifier to the left of the untagged local-part is a nice
twist; the client could then look up an attribute in its address book to
see if there was a local-part tag delimiter. This could ease automated
client and/or gateway processing of the encryption at either or both ends.
--
David Mercer
PGP Public Key: http://davidmercer.nfshost.com/radix42.pubkey.txt
Fingerprint: A24F 5816 2B08 5B37 5096 9F52 B182 3349 0F23 225B
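
The two prefix forms quoted above and the tagged rewrite suggested in the reply, as an added Python example that is not part of either post. The key-identifier pattern, the function names and the use of `@` in place of the archive's ` at ` are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Assumption: a key identifier is two or more hyphen-separated groups of
# upper-case letters and digits, as in the sample quoted in the thread.
_PREFIXED = re.compile(
    r"^(?P<key>[A-Z0-9]+(?:-[A-Z0-9]+)+)(?P<marks>\?+)(?P<addr>[^?]+)$")
_POLICY = {"": "none", "?": "direct", "??": "direct-or-indirect"}


class KeyedAddress(NamedTuple):
    key_id: Optional[str]   # None when the address carries no key prefix
    policy: str             # endorsement rule selected by "?" or "??"
    local: str
    domain: str


def parse(address: str) -> KeyedAddress:
    """Split 'KEY?local@domain' or 'KEY??local@domain' into its parts."""
    m = _PREFIXED.match(address)
    key, marks, plain = (m["key"], m["marks"], m["addr"]) if m else (None, "", address)
    if marks not in _POLICY:
        # Fail closed: an unknown marker must not degrade to plain delivery.
        raise ValueError(f"unknown policy marker {marks!r}")
    local, sep, domain = plain.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mailbox address: {address!r}")
    return KeyedAddress(key, _POLICY[marks], local, domain)


def to_tagged(address: str, delimiter: Optional[str]) -> str:
    """Rewrite the prefix form as 'local<delimiter>KEY@domain'.

    delimiter is the recipient's tag character (e.g. "+" or "-"), looked up
    by the caller; None means it is unknown. The tagged form carries only
    the key identifier, so the caller keeps parse(address).policy itself.
    """
    p = parse(address)
    if p.key_id is None:
        return f"{p.local}@{p.domain}"
    if delimiter is None:
        raise ValueError("no tag delimiter known for this recipient")
    return f"{p.local}{delimiter}{p.key_id}@{p.domain}"


if __name__ == "__main__":
    # Constructed input: the thread's sample identifier with "@" restored.
    sample = "ACACEA-H7MBAA-LAA2RMA-FUAAFQ-AADHAHS-KNAL3A-DPZJAJ-KAA??alice@example.com"
    print(parse(sample))
    print(to_tagged(sample, "+"))
```

With a hyphen as the recipient's delimiter, the tag itself contains the delimiter character, because the key identifier is hyphen-grouped.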