[Top] [All Lists]

Re: [ietf-smtp] Request for discussion of Mandatory Secure Mail Delivery proposal (draft-wchuang-msmd)

2013-10-16 13:27:40
Hi  Paul,

On Wed, Oct 16, 2013 at 9:42 AM, Paul Smith <paul(_at_)pscs(_dot_)co(_dot_)uk> 

On 16/10/2013 11:04, Martijn Grooten wrote:

5. Recommendations

I don't claim to be an expert on user interfaces or in human
understanding of tehnical protocols, but do you really think that an
average user can
make an informed decision on whether to use an option that requires
secure channels for email delivery, but still allows for the email to be
read at many placed along delivery route, while generating the bounce in
case one of the channels can't be adequately secured?

This is my problem. I can see it being marketed as a 'way of sending
secure email' rather than a 'way of getting more bounces than successful

As noted before, I don't have a fully satisfactory answer.  Perhaps:
1) consumer education
2) deployment to sophisticated users e.g. corporate users first
wait for the majority of the ecosystem to deploy SMTP STARTTLS
3) then deploy to all users


It isn't going to make email totally 'secure' - but it will improve it so
I can see the advantage of the idea. However, I worry that end users will
just tick the box by default (who would choose to use the 'send insecure
email' option?) and then the people who manage the servers will be deluged
with problem reports about emails not being delivered.

At what level of 'secrecy' would you expect this to be used? For 'really
top secret messages', you'd be daft to use this, as it's not totally
secure. For 'my holiday photo messages' you'd be daft to use it, as they're
not secret, and you'd really rather the message got through than caring
that some CIA agent got to waste time looking at your picture of a mountain.


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

ietf-smtp mailing list

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>