On Mon, 19 Jul 2004, The Purple Streak, Hilarie Orman wrote:
Privacy consideration in handling email have always been and still
remain an important responsibility.
So have been handling of HTTP or any other kind of Internet traffic.
Legal hickups notwithstanding, the notion of privacy does not depend
on a low-level transfer protocol. As a trivial example, consider the
fact that millions get and send e-mail via HTTP-driven web sites.
I expect SMTP security and integrity guidelines to be considerably
stronger than HTTP guidelines.
Understood, but I (personally) need more facts/illustrations/reasoning
to get excited about working on a yet another abstract (for the lack
of a better word) OPES document. It seems that Markus and I are asking
the same basic question:
- What will we write about SMTP security that we have
not written already?
And, perhaps,
- What will we write about SMTP security that we did not
have to write about HTTP security?
We agree that mail security is important, but I do not think you are
answering the above questions. Perhaps an outline of the proposed
"SMTP security" document might help?
Thanks,
Alex.