Augment the SMTP protocol: the sending host asks the receiving host for the recipient's public key. If no key, send unencrypted. If yes a key, the sending host encrypts and sends, as well as provides the sender with a copy of the public key (so next time, no need to ask, though one might ask if the key has been revoked).
There is some protection from MITM if the recipient responds with a signed, semantically relevant message.
The protocol seems monotonically better than the current, "no encryption at all" protocol.
No comments :
Post a Comment