On 14 Sep 2013, at 15:45, Arnt Gulbrandsen
<arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> wrote:
Name removed to make this a little less flamish:
But really, PGP is the answer you're looking for. :)
I hate to say this, but this is the kind of thing NSA shills say: Point
out some magnificent foobar that certainly will not be deployed, focus
on it, and hope that nothing merely good will get traction.
I have some ideas about why PGP fails so miserably, but that doesn't
really matter. Whatever the reason is, PGP has a twenty-year history of
disuse, so I'm fairly sure that in five years, only a very few people
will use it and its users will not be able to hide in a crowd.
Yes. Absolutely correct; PGP will remain the clique solution exclusive to
fumbling Guardian journalists and tinfoil hat-wearing conspiracy nutters.
I don't know that I could confidently say that it is PGP's implicit trust model
that's FUBAR for ordinary use. I definitely think, though, that the "Defence
in depth" strategy of eventual upgrade to TLS has a better chance of providing
useful results (second place in my mind goes to S/MIME with web-based automatic
provisioning).
But, and this is the reason I made the comment, PGP right now provides useful
security. It's not easy, but it does *EXACTLY* what it proposes to do. That's
a whole lot better than the uncertainty of anything dependent on hop-by-hop
message transfers, at least at the moment.
Cheers,
Sabahattin
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp