Hadmut Danisch wrote concerning secrets:
here we are talking about protocols that virtually
_everybody_ on the world using the internet (and e-mail
is a essential part of internet use, isn't it?) will
have to adopt.
I believe the discussion here is focused on authentication, not
encryption. Thus, the focus is primarily on signatures. As such, the
discussion does not include mechanisms for "hiding" information or even
implementations that would allow passing secrets between people.
As I understand it, the problem of "private" or "encrypted"
communications is not within the scope of the ASRG charter.
Even if there were countries that prohibit the use of signature
technologies, there is still a range of methods that could be used, in
part, by residents of those countries. These include, for instance, the
approaches that involve "token-passing". For instance, the "single-user"
email addresses that I've discussed in other mail messages or the
"email-cookie" ideas that have been proposed. Use of these methods would
allow one in a restrictive jurisdiction, or anyone who did not have a
signing ability for some other reason, to send mail to someone who was
free to use the technology and generate the appropriate tokens. (Note: I
am well aware of the fact that these "single-sided" approaches have a
number of weaknesses. However, something may be considered to be better
than nothing.)
bob wyman
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg