Web Key Directory
Werner Koch
wk at gnupg.org
Thu May 12 09:47:59 CEST 2016
On Tue, 10 May 2016 09:40, bernhard at intevation.de said:
> Ok, where did you take it from?
*h*ashed *u*serid
> Being able to show the credentials to the mail service provider that
> can access the email account (storage and settings) is equivalent from the
> security point of view of being able to send and receive the emails over this
That mixes two entirely different services. Web service may even be
outsourced.
>> Even if parts of the protocol would use HTTPS, there will in any case be
>> a need to use SMTP/LMTP/IMAP/POP3 for the email confirmation.
>
> Why? To show that the client can do email format construction and
> parsing?
To receive and send confirmation mails ??
> What security purpose are you thinking of with air gaps?
> You mean in the case that your client is on a disconnected machine
> and you transport emails over via removable medias? This seems to be
Right , that is what an ari gap is about.
> a very rare use case from my point of view. And it could be done with
> an https based protocol as well, just allow the challenge to be answered
> with a reasonable time delay.
I am not sure whether RFC-1149 like transport mechanisms [1] will work
with TLS :-)
Salam-Shalom,
Werner
[1] Standard for the transmission of IP datagrams on avian carriers. D.
Waitzman. April 1990. (Format: TXT=3329 bytes) (Updated by RFC2549,
RFC6214) (Status: EXPERIMENTAL) (DOI: 10.17487/RFC1149)
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
/* EFH in Erkrath: https://alt-hochdahl.de/haus */
More information about the Gnupg-devel
mailing list