ietf
[Top] [All Lists]

Re: Agenda, security, and monitoring

2014-02-01 20:45:23


On 02/02/2014 02:38 AM, Dave Crocker wrote:
On 2/1/2014 5:02 PM, Randy Bush wrote:
i support pgp key signing even though pgp and signed mail are not
perfect or make cash fall from the sky.  one day at a time.


After twenty years of one day at a time, it's demonstrably not the
vehicle for mass-adoption, nor is there any basis for viewing it as the
foundation of the vehicle.

If you think otherwise, please offer an explanation of how to get from
the small-scale, long-term here to the the necessarily very large-scale
there that we need to reach.

Again, putting energy into PGP or S/MIME -- in anything like their
current form -- incurs extremely expensive opportunity costs for the
IETF community.

You may be right, but I'm not so clear about that, as stated.

If someone wanted to propose using PGP or S/MIME (aka CMS) formats
to provide closer-to-end-to-end confidentiality protection for email
messages that covered most headers in a way that might get deployment
then I think that would not match your description. I do suspect
that that is not likely to happen.

If OTOH, we spent a lot of time debating email message origin
authentication then I fully agree with you that we'd just be
distracting ourselves pointlessly.

S.



d/