On Sep 6, 2013, at 9:55 AM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:
In other words, the IETF needs to assume that we don't know what will work
for end users and we need to therefore focus more on processing by end
/systems/ rather than end /users/.
But we are also end users. I recall being laughed at 6 or 7 years ago when I
suggested that email security implementations would "get better" if the IETF
insisted on using them for our email. My proposal at the time was, that since
we thought S/MIME was the cat's whiskers, we should set up a CA and issue free
end-user certs to all participants. Messages to IETF lists would require
signing with said certs to be considered valid. This would make it easy to
eliminate most of our SPAM.
So, we could eat our own dogfood, with whatever anti-surveillance mechanisms we
specify. I am positive that would make things more end-user usable, over time.
--
Dean