Code like song
One of the hurdles to end-to-end email encryption is key distribution. Doing it by hand guarantees that only technical people will bother, so why not automate it with a protocol? A natural approach would be to extend SMTP so that the sending side can ask whether the recipient has a key and, if so, use that key to encrypt the message before sending it. The exchange might look like this (the key is returned as a standard multi-line 250 reply, "250-" continuing and "250 " ending it):
HELO relay.example.org
250 smtp.example.org
MAIL FROM:<bob@example.org>
250 OK
KEY FOR:<alice@example.com>
250------BEGIN PGP PUBLIC KEY BLOCK-----
250-...
250------END PGP PUBLIC KEY BLOCK-----
250 OK
RCPT TO:<alice@example.com>
...
The KEY FOR capability could also be discoverable via the common EHLO command:
EHLO relay.example.org
250-smtp.example.org
250-KEYS
...
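To make the two exchanges above concrete, here is an in-process model of the proposed extension: a tiny SMTP command handler that advertises KEYS in its EHLO reply and answers KEY FOR from a directory, and a client that discovers the capability, fetches the key, and falls back to a plaintext send when none comes back. This is an added example written for this page, not code from the original post. The verb KEY FOR, the EHLO keyword KEYS and the hostnames are the post's sketch; the 550 reply for an unknown address, the "end of key" terminator line, the placeholder armor body, and the SHA-256 "fingerprint" pin are all assumptions made here (a real client would compare an OpenPGP fingerprint it already trusts, since in this design the relay is the only source of the key and could substitute one).

```python
"""Hypothetical 'KEY FOR' SMTP extension, exercised in-process.

Added example, not code from the original post. The verb KEY FOR, the
EHLO keyword KEYS and the hostnames come from the post's sketch; the
reply codes for the no-key case, the 'end of key' terminator and the
fingerprint pin are assumptions about how such an extension might work.
"""
import hashlib

# Constructed sample key directory. The armor body is a placeholder,
# not a real OpenPGP key.
KEY_DIRECTORY = {
    "alice@example.com": (
        "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
        "\n"
        "mQENBEXAMPLEALICE...\n"
        "-----END PGP PUBLIC KEY BLOCK-----"
    ),
}


class KeyAwareSmtpServer:
    """Minimal SMTP command handler that can advertise and serve KEYS."""

    def __init__(self, hostname="smtp.example.org", directory=KEY_DIRECTORY,
                 advertise_keys=True):
        self.hostname = hostname
        self.directory = directory
        self.advertise_keys = advertise_keys

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return f"250 {self.hostname}"
        if verb == "EHLO":
            # Multi-line reply: '250-' continues, '250 ' (space) ends it.
            exts = ["KEYS"] if self.advertise_keys else []
            lines = [self.hostname] + exts + ["8BITMIME"]
            return "\r\n".join(f"250-{l}" for l in lines[:-1]) + f"\r\n250 {lines[-1]}"
        if verb == "KEY" and arg.upper().startswith("FOR:"):
            if not self.advertise_keys:
                return "500 unrecognised command"
            addr = arg[4:].strip().strip("<>").lower()
            key = self.directory.get(addr)
            if key is None:
                return "550 no key on file for that address"   # assumed code
            body = "\r\n".join(f"250-{l}" for l in key.splitlines())
            return f"{body}\r\n250 end of key"                  # assumed terminator
        if verb in ("MAIL", "RCPT", "DATA"):
            return "250 OK"
        if verb == "QUIT":
            return "221 bye"
        return "500 unrecognised command"


def parse_reply(reply):
    """Split a (possibly multi-line) SMTP reply into (code, [text lines])."""
    lines = reply.split("\r\n")
    return int(lines[0][:3]), [l[4:] for l in lines]


def key_fingerprint(armored):
    """Stand-in for an OpenPGP fingerprint: SHA-256 over the armored text."""
    return hashlib.sha256(armored.encode()).hexdigest()


def fetch_recipient_key(server, rcpt, pinned_fingerprint=None):
    """EHLO, check for KEYS, then KEY FOR. Returns the armored key or None.

    The relay is the only source of the key here, so a client that wants
    to resist key substitution by the relay must compare against something
    it already trusts; `pinned_fingerprint` models that check.
    """
    code, text = parse_reply(server.handle("EHLO relay.example.org"))
    if code != 250 or "KEYS" not in text[1:]:
        return None                       # extension not offered
    code, text = parse_reply(server.handle(f"KEY FOR:<{rcpt}>"))
    if code != 250:
        return None                       # 5xx: no key, caller must fall back
    armored = "\n".join(text[:-1])        # drop the 'end of key' terminator
    if pinned_fingerprint is not None and key_fingerprint(armored) != pinned_fingerprint:
        raise ValueError("key returned by relay does not match pinned fingerprint")
    return armored


def send_message(server, sender, rcpt, pinned_fingerprint=None):
    """Full exchange from the post, with a fallback when no key comes back."""
    key = fetch_recipient_key(server, rcpt, pinned_fingerprint)
    transcript = [
        server.handle(f"MAIL FROM:<{sender}>"),
        server.handle(f"RCPT TO:<{rcpt}>"),
        server.handle("QUIT"),
    ]
    return {"encrypted": key is not None, "key": key, "transcript": transcript}


if __name__ == "__main__":
    result = send_message(KeyAwareSmtpServer(), "bob@example.org", "alice@example.com")
    print("encrypted:", result["encrypted"])
```

Running it sends to alice@example.com "encrypted" (a key came back) and would send to an address with no key in the clear; the `pinned_fingerprint` path raises instead of silently accepting a key the relay substituted, which is the check a client of such an extension would want before trusting what an unauthenticated SMTP hop hands it.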
Why hasn’t this been suggested before? Googling, I found only one link. Is there some flaw with it?