Richard Welty said:
> the problem is that you are now doing authentication on the server when
> it's the user of the client that's supposed to be authenticated (i'm
> assuming that this is pgp/gpg or s/mime style authentication &
> encryption that is at issue.)
OK, but we're talking about encrypting messages with people's public keys,
so I don't see how an unauthenticated client could increase risk. Again,
I'm talking about managing *public* keys server-side. I never said
anything about private keys.
> you are also skipping a hop for encryption.
Not if messages are submitted via SMTP over TLS or a similar method.
http://www.exim.org/exim-html-4.00/doc/html/spec_4.html#SECT4.5
I agree that there is a certain element of risk associated with placing
the management on the server instead of the client. However, you have to
balance that with the difficulty of deploying a PKI infrastructure and
teaching people to effectively use public/private keys to encode, sign and
decode messages. By placing a portion of this on the server, you obviate
a great deal of that training and reduce the complexity of the system
significantly. I would argue that the benefits of such a system outweigh
the risks.
--kurt
