[Cryptography] Email encryption for the wider public

John Levine johnl at iecc.com
Thu Sep 18 04:23:49 EDT 2014


>I think keys and email addresses serve a very similar purpose: both
>serve as an "online identity". I don't see why we need to impose two
>sets of identities on each user - it means either personally
>maintaining a list of both the email address and the public key of
>each of your contacts, or alternatively some complex PKI scheme (key
>servers, etc) to tie the two forms of identity together.

People are human, and screw up from time to time.  Your scheme would
work OK if people were perfect, but they're not.  A scheme with no
provision for account recovery or addresses people can remember is
unlikely to be usable outside the tiny niches where people already use
S/MIME or PGP.

The DANE S/MIME approach is pretty simple (after you wave your hands
and assume that system managers will implement DNSSEC anyway.)  The
key for each address is stored in a SMIMEA record in the DNS, so if you
want the signing or verification key for an address, you just do a DNS
lookup.  You can revoke a key by removing it from the DNS, or roll
your keys by adding a record for the new key and later removing the
record for the old key.  The guts are S/MIME minus the PKI, which
works pretty well now.

See draft-ietf-dane-smime for the details.

R's,
John
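
An added example, not part of the original message: a Python sketch of the lookup, key roll and revocation steps described above. It assumes the owner-name rule as later published in RFC 8162 (earlier revisions of draft-ietf-dane-smime may differ). The `zone` dict stands in for DNSSEC-validated DNS answers, and the address and certificate bytes are constructed placeholders.

```python
import hashlib

def smimea_owner_name(address: str) -> str:
    """RFC 8162 sec. 3: hex(SHA-256(local-part)[:28])._smimecert.<domain>."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an addr-spec: %r" % address)
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return "%s._smimecert.%s." % (label, domain.lower().rstrip("."))

def rdata_for(cert_der: bytes) -> bytes:
    """RDATA with usage 3 (DANE-EE), selector 0 (full cert), matching type 1."""
    return bytes([3, 0, 1]) + hashlib.sha256(cert_der).digest()

def cert_matches(rdata: bytes, cert_der: bytes) -> bool:
    """Compare a certificate against one SMIMEA record (same layout as TLSA)."""
    if len(rdata) < 4:
        return False
    selector, mtype, data = rdata[1], rdata[2], rdata[3:]
    if selector != 0:
        return False  # selector 1 (SPKI) needs an X.509 parser; not handled here
    if mtype == 0:
        return data == cert_der
    if mtype == 1:
        return data == hashlib.sha256(cert_der).digest()
    if mtype == 2:
        return data == hashlib.sha512(cert_der).digest()
    return False

def verify(zone: dict, address: str, cert_der: bytes) -> bool:
    """zone is a hypothetical stand-in for a DNSSEC-validated SMIMEA query."""
    records = zone.get(smimea_owner_name(address), [])
    return any(cert_matches(r, cert_der) for r in records)

def rollover_demo() -> list:
    old, new = b"constructed-old-cert", b"constructed-new-cert"  # not real DER
    addr = "alice@example.com"                                   # constructed
    name = smimea_owner_name(addr)
    zone = {name: [rdata_for(old)]}
    states = [(verify(zone, addr, old), verify(zone, addr, new))]
    zone[name].append(rdata_for(new))   # roll: publish the new key first
    states.append((verify(zone, addr, old), verify(zone, addr, new)))
    zone[name].remove(rdata_for(old))   # then retire the old record
    states.append((verify(zone, addr, old), verify(zone, addr, new)))
    del zone[name]                      # revoke: remove the key from the DNS
    states.append((verify(zone, addr, old), verify(zone, addr, new)))
    return states

if __name__ == "__main__":
    print(smimea_owner_name("alice@example.com"))
    print(rollover_demo())
```
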

