Just as with OTR - (http://www.cypherpunks.ca/otr/) for XMPP, would it be possible, or feasable to implement something like that for email, as a server-side addition?
- User alice@example.com types and sends email for bob@server.com - Mailserver from example.com contacts mailserver at server.com - They do a Diffie Hellman key exchange and MTA at example.com uses that key to encrypt this specific email message - It passes as encrypted plaintext over the internet - The MTA at server.com recieves the encrypted message, decrypts it, and discards the key.
It would have a few of the drawbacks of MTA ssl, because both ends have to support it, but it does provide better protection against private key leakage.
What are your thoughts and opinions on this?