[Top] [All Lists]

Re: [openpgp] A new openpgp WG

2015-03-13 18:37:07
It is unlikely I would be able to attend the March IETF with such
short notice. (I also have other travel plans in this timeframe.)

Therefore, Yahoo would request that the IETF defer action. (July sounds fine.)

Both Yahoo and Google are presently planning deployment of a browser
extension using OpenPGP. (Google's open-source branch is at; our branch will be open-sourced
soon at

We would expect this to be one of the larger deployments of OpenPGP,
and to face unique constraints (because of its implementation in
JavaScript, and deployment via the Web Platform).

I am hopeful that feedback on the open-source extensions will prove
useful in whatever standards process may emerge.

David Leon Gil
Senior Paranoid

PS. This is a statement of Yahoo's position.

This message is sent from a Gmail account because Yahoo sets a strict
DMARC policy, which may result in some recipients MTAs (e.g. Google's)
dropping a message.

See for things mailing lists can do to
avoid this. There are also things webmail providers can do to mitigate
this problem, but Google won't do them.

The benefits to DKIM are tremendous, w.r.t. protection of users from
phishing or other malicious emails. I strongly encourage mailing list
owners and webmail providers to take steps to ensure that all users'
messages are correctly handled with a DKIM p=reject.

On Fri, Mar 13, 2015 at 7:26 AM, Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:


I've just now subscribed here because Derek sent a pointer
to the recent discussion about chartering a new WG.

FWIW, as one of the security area directors who might be
involved in the chartering stuff, I'm happy to help out as
I can, and I'm sure the same goes for Kathleen. But you seem
to be doing all the right things already (discuss charter,
focus on changes people would likely implement/deploy,
meet in bar:-), which is great.

A couple of other things to do might be to send a pointer
to the general security area list (saag(_at_)ietf(_dot_)org) asking
interested folks to subscribe here, (e.g. I think I used be
subscribed to the imc hosted list way back but I wasn't on
this one) and if the bar-BoF goes ahead, it'd be good for
one of you to grab the mic at the saag session in Dallas
and report back on that.

Please also note that there's no absolute need to have a
BoF session (e.g. in Prague in July) before a WG is formed.
If a whole bunch of people know that they all want to do a
well-scoped useful thing then we may not need one. (The
just-formed tokbind WG didn't have a BoF for example.) If
OTOH, there's a need for face-to-face discussion about
tricky scoping issues or about whether some work should be
done at all then a BoF can be a fine thing. In this case,
I'd not be surprised if no BoF were needed, in which case
we could possibly form a WG before July and get going that
much sooner. That said, please keep your focus on the
getting the right proposed charter text and don't
over-prioritise speed. (Since a lot of people still
assume a BoF session and the associated delay are mandatory,
I figured it worth pointing out that's not always the


openpgp mailing list

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>