One of the hurdles to end-to-end email encryption is key distribution. Doing this manually ensures that only technical people will bother, so why not automate it via some protocol? A natural method would be to extend SMTP so the sender can ask if a user’s key exists, and if so then use that to send the message, e.g. like this:
HELO relay.example.org 250 MAIL FROM:<email@example.com> 250 KEY FOR:<firstname.lastname@example.org> 250 --- BEGIN PGP PUBLIC KEY BLOCK --- ... --- END PGP PUBLIC KEY BLOCK --- RCPT TO:<email@example.com> ...
KEY FOR capability could also be discoverable via the common
EHLO relay.example.org 250-smtp.example.org 250-KEYS ...
Why hasn’t this been suggested before? Googling I found only one link. Is there some flaw with it?blog comments powered by Disqus Prev: Basics of Web Architecture Next: Paperclip with Server-Side Files