
On Fri, 15 Jan 2016 08:26:13 PM Joel W. Shea via luv-main wrote:
Is it possible to put a PGP/GPG public key in the DNS and have an MUA use it?
Since you've asked; anything is possible[1], and since you're already aware of existing mechanisms (key servers) for distributing public PGP/GPG keys; I see what you're getting at, the verification of which is up to the end-user rather than an independent "trusted" third party, or by exhibiting the control of a domain via publishing in the DNS.
[1] Although it's entirely possible, I'm not aware of any implementation and without thinking it through more thoroughly I'm unsure why one would want to.
With DKIM/DMARC the receiving MTA can do the checks and ensure that the mail is valid. If we wanted to use GPG/PGP in the same way then there needs to be an equivalent key management system.

On Fri, 15 Jan 2016 08:35:48 PM Brian May via luv-main wrote:
Imagine if the big email providers, such as Google and Yahoo supported this sort of technology. They could push for the required client side encryption standards for browsers if they really wanted to. Suddenly encryption would be available to the masses.
I don't think this is going to happen however, those flying pigs would get in the way.
Or more seriously, I suspect Google don't want people using client side encryption, as this would prevent them scanning emails for advertising.
I don't think that Google and Yahoo have some nefarious plan. If there was a system for encrypting mail between MTAs (like using GPG with DKIM/DMARC type mechanisms for managing keys) then they could display targeted adverts and users get the simplicity of having things just work (GPG is too hard for most people). But GPG in the MUA is difficult for users and help desks. I don't use it as much as I might because the KDE implementation is annoyingly difficult. Using DKIM on my server is a much easier way of signing all my mail.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/