Re: Agenda, security, and monitoring
2014-02-02 18:45:26
On 2/1/14 11:18 PM, John C Klensin wrote:
Sorry, I wasn't clear. At least in this particular context, I
have no interest at all in authentication. My interest was in a
demonstration of the ability to handle encryption. For S/MIME
and PGP, if I can sign a message, I can decrypt a message that
is sent to me. From a privacy or surveillance resistance
standpoint, the latter, and a way to demonstration That
capability, are important. Authentication is irrelevant and, as
you say, not helpful in that context.
I agree that authentication is irrelevant in this context. But that's
leads me to agree with Dave on a central point (hence the little I-D
we've been banging on and submitted to the STRINT folks): The problem
with PGP and S/MIME is that they require authentication in order to
start using encryption, and since authentication is both irrelevant to
this *and* a pain to do, I don't think it's likely that mechanisms that
require authentication to get started are good candidates to address PM,
let alone be a terribly good demonstration that we can do encryption. I
can't get torqued about people participating in a key signing: If you're
interested in using those tools, go for it. But I do think that if we
want to make headway on the PM problem and convince people that we can
address pieces of it, we need to start looking at different sorts of
mechanisms.
I suspect Ted might be right and this is simply an integration problem.
I'm not sure whether Dave agrees or disagrees with me on this, but I
think we've got the tools in our toolbox already: The bones (and much of
the meat) of PGP or S/MIME might be perfectly suitable with some
re-working. But I think until that re-working is done, we're not likely
to have a good demonstration of this stuff actually working, especially
if "the best technology we have is annoying and will require you and
your correspondents to learn more, and fuss more, than you would
probably like".
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: Agenda, security, and monitoring, (continued)
- Re: Agenda, security, and monitoring, Dave Crocker
- Re: Agenda, security, and monitoring, Stephen Farrell
- Re: Agenda, security, and monitoring, Dave Crocker
- Re: Agenda, security, and monitoring, Stephen Kent
- Re: Agenda, security, and monitoring, Phillip Hallam-Baker
- Re: Agenda, security, and monitoring, Scott Brim
- Re: Agenda, security, and monitoring, Ted Lemon
- Re: Agenda, security, and monitoring, Phillip Hallam-Baker
Re: Agenda, security, and monitoring, Stephen Farrell
- Re: Agenda, security, and monitoring, John C Klensin
- Re: Agenda, security, and monitoring,
Pete Resnick <=
- Re: Agenda, security, and monitoring, John C Klensin
- Re: Agenda, security, and monitoring, Bjoern Hoehrmann
- Re: Agenda, security, and monitoring, Brian E Carpenter
- Re: Agenda, security, and monitoring, Phillip Hallam-Baker
- Re: Agenda, security, and monitoring, Brian E Carpenter
Re: Agenda, security, and monitoring, Theodore Ts'o
Re: Agenda, security, and monitoring, Phillip Hallam-Baker
Re: Agenda, security, and monitoring, John C Klensin
Re: Agenda, security, and monitoring, Phillip Hallam-Baker
Re: Agenda, security, and monitoring, t.p.
|
Previous by Date: |
Re: Agenda, security, and monitoring, Tobias Gondrom |
Next by Date: |
Re: Agenda, security, and monitoring, Patrik Fältström |
Previous by Thread: |
Re: Agenda, security, and monitoring, John C Klensin |
Next by Thread: |
Re: Agenda, security, and monitoring, John C Klensin |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|