ietf
[Top] [All Lists]

Re: Agenda, security, and monitoring

2014-02-02 07:55:28


On Feb 1, 2014, at 18:18, John C Klensin <john-ietf(_at_)jck(_dot_)com> wrote:

Indeed, it might be interesting as a first
step to fix
the IETF list so it wouldn't accept unsigned messages.

I don't think this is a good idea.

First, it would raise technical barriers to participation; now one would have 
to install software other than email software, configure it correctly and point 
ietf to the signing key (no?)... (unless the list doesn't do an actual sig 
check, in which case what's the point?). Second, while I and others are 
comfortable with a default-sign policy, I know many more people that are very 
picky with non-repudiability and things they cryptographically sign. Finally, 
I'm not comfortable keeping keys on mobile devices (signing or otherwise), 
which would mean emails I send from those devices like this one will not be 
signed.

Am I missing something? I can imagine many of us have longer keys since the 
last IETF, so I'd definitely be interested in a signing event.

best, Joe

--
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
https://www.cdt.org/

<Prev in Thread] Current Thread [Next in Thread>