Just as with OTR for XMPP, would it be possible, or feasible, to implement something like that for email, as a server-side addition?
- User alice@example.com types and sends email for bob@server.com
- Mailserver from example.com contacts mailserver at server.com
- They do a Diffie-Hellman key exchange and MTA at example.com uses that key to encrypt this specific email message
- It passes as encrypted plaintext over the internet
- The MTA at server.com receives the encrypted message, decrypts it, and discards the key.
It would have a few of the drawbacks of MTA SSL, because both ends have to support it, but it does provide better protection against private key leakage. With MTA SSL, if the private key leaks, all recorded traffic can be decrypted; with a DHKE nothing can be decrypted.
What are your thoughts and opinions on this?
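
The per-message exchange outlined in the question, written out as an added example that is not part of the original post. Assumptions: X25519 as the Diffie-Hellman function, a SHAKE-256 keystream with HMAC-SHA256 standing in for an AEAD, and the hypothetical helper names `message_keys`, `xor_stream` and `relay`. The exchange is unauthenticated, as in the steps listed, so neither MTA verifies who sent the public value it receives.

```python
import hashlib, hmac, secrets

# Constructed demo. Pure-Python X25519 (RFC 7748), not constant-time; a real MTA
# would call a vetted library. SHAKE-256 keystream + HMAC stands in for an AEAD.
P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k, u):
    n = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):  # Montgomery ladder, one scalar bit per round
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def message_keys(my_priv, their_pub, transcript):
    # Keys are bound to both ephemeral public values seen on the wire.
    okm = hashlib.sha512(b"mta-demo" + x25519(my_priv, their_pub) + transcript).digest()
    return okm[:32], okm[32:]  # (encryption key, MAC key)

def xor_stream(key, data):
    return bytes(x ^ y for x, y in zip(data, hashlib.shake_256(key).digest(len(data))))

def relay(message):
    """One message, one exchange. Returns (values seen on the wire, delivered bytes)."""
    s_priv, r_priv = secrets.token_bytes(32), secrets.token_bytes(32)  # ephemeral
    s_pub, r_pub = x25519(s_priv, BASE), x25519(r_priv, BASE)
    # Sending MTA (example.com): derive keys, encrypt, authenticate.
    enc, mac = message_keys(s_priv, r_pub, s_pub + r_pub)
    ct = xor_stream(enc, message)
    wire = (s_pub, r_pub, ct + hmac.new(mac, ct, hashlib.sha256).digest())
    del s_priv, enc, mac  # sender drops its secrets (a real MTA would also zeroize)
    # Receiving MTA (server.com): derive the same keys from its own private half.
    enc, mac = message_keys(r_priv, wire[0], wire[0] + wire[1])
    body, tag = wire[2][:-32], wire[2][-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, body, hashlib.sha256).digest()):
        raise ValueError("message was modified in transit")
    delivered = xor_stream(enc, body)
    del r_priv, enc, mac  # receiver drops its secrets after this one message
    return wire, delivered
```

Everything returned in `wire` is what a passive recorder would hold: two public values and the sealed message, with no long-term key involved in deriving the message keys.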