Re: Agenda, security, and monitoring

--On Sunday, February 02, 2014 02:27 +0000 Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:

> ...
> > If we are really serious about preventing monitoring,
> > especially at the application layer and doing so within our
> > own community as an  example, this should be obvious.
> I disagree as it happens. Putting an emphasis on identification
> and authentication seems backwards to me. First, we ought try
> provide means to communicate that resist PM, (which requires
> confidentiality and can use some help from Mr. Data
> Minimisation:-) and after we have that nicely unerway, we can
> then see how to establish various kinds of authentication.
>
> I don't believe that starting from authentication is at all
> the right approach.
>
> But, I might be wrong, so happy to see people signing keys.
>
> > Indeed, it might be interesting as a first step to fix the
> > IETF list so it wouldn't accept unsigned messages.
> Wasn't that debated a few months ago. I don't think that
> would be at all useful for anyone.
Sorry, I wasn't clear.  At least in this particular context, I
have no interest at all in authentication.  My interest was in a
demonstration of the ability to handle encryption.  For S/MIME
and PGP, if I can sign a message, I can decrypt a message that
is sent to me.  From a privacy or surveillance resistance
standpoint, the latter, and a way to demonstration That
capability, are important.  Authentication is irrelevant and, as
you say, not helpful in that context.

   john