Author: Mike Hearn 2015-07-13 22:31:36
Published on: 2015-07-13T22:31:36+00:00
A company called Netki is working on DNSSEC integration with BIP70. The biggest flaw with the suggested idea is that no email provider is going to implement it soon, so hardly anyone will use it. However, every CA allows revoking a certificate issued for an email address if you have access to that email address, and certificate transparency is already working on solving this issue in a scalable manner. If a mechanism that eliminates the CA entirely is still required, there is a better approach that is backwards compatible with existing email providers. This approach involves sending a public key in the subject line to a one-time collector address, which then triggers DKIM signing of the subject line and the From header, binding the public key and email address together via the ESP’s own signing key. The textual email headers can be run through the DKIM validation algorithm in combination with the domain key retrieved via DNS. This scheme does not require the email provider to know or care about Bitcoin, and there are DKIM validation libraries already in existence, so new code required is minimal. However, there is no way to revoke such a “certificate,” and the UX leaves some binary nonsense in the user's sent folder. Finally, a lot of users don’t use emails as identifiers anymore, and in the modern world, people are using their social networking profiles (i.e. Facebook) and phone numbers as personal identifiers.
Updated on: 2023-06-10T02:31:53.251646+00:00