
RE: [Asrg] Its all over for Challenge Response

2004-03-03 16:14:21
  SSH exists and has been widely deployed for years.  SMTP exists and
has been widely deployed for years.  There is no need for additional
standards work.  There is only a need for MUA authors to implement and
deploy existing protocols.

STARTTLS exists, is an approved standard and has been implemented in
Microsoft Exchange along with pretty much every other mail server for 
years.

Incidentally STARTTLS is the most commonly used email encryption scheme
in use today. It is vastly more successful than PGP or S/MIME combined.

  Nothing in that process requires input from the IETF or any other
standards body.

Using SSH would require input. You have to know the other endpoint
supports SSH.


Digital certificates provide the accreditation component that is the
principal value in the only two cryptography schemes that have been
an unqualified success - SSL driven e-commerce and the Authenticode scheme.

Sure there are people who claim there is no value from certificates 
that cannot be provided through a web of trust. The real issue is 
accountability. I designed my procedures so that each employee in the 
CA center is accountable for their actions, as a company we agree to
be held accountable within the bounds of predefined limits to the
parties relying on our certificates.


Sure you can build peer-to-peer type networks. But peer-to-peer trust
networks are complex and unwieldy. That is why pretty much every 
B2B scheme that starts as bilateral relationships quickly moves
to a Value Added Network model, you authenticate to the hub and
then you can talk to anyone.

The Web has peer to peer aspects, eliminating the central hub was 
what made the network hypertext model work. But look at Google and
you will see that the search model is not peer to peer. 

                Phill

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg