Re: Agenda, security, and monitoring
2014-02-03 08:10:06
---- Original Message -----
From: "Pete Resnick" <presnick(_at_)qti(_dot_)qualcomm(_dot_)com>
To: "John C Klensin" <john-ietf(_at_)jck(_dot_)com>
Cc: <ietf(_at_)ietf(_dot_)org>; <iesg(_at_)ietf(_dot_)org>
Sent: Monday, February 03, 2014 12:44 AM
On 2/1/14 11:18 PM, John C Klensin wrote:
Sorry, I wasn't clear. At least in this particular context, I
have no interest at all in authentication. My interest was in a
demonstration of the ability to handle encryption. For S/MIME
and PGP, if I can sign a message, I can decrypt a message that
is sent to me. From a privacy or surveillance resistance
standpoint, the latter, and a way to demonstrate that
capability, are important. Authentication is irrelevant and, as
you say, not helpful in that context.
I agree that authentication is irrelevant in this context. But that
leads me to agree with Dave on a central point (hence the little I-D
we've been banging on and submitted to the STRINT folks): The problem
with PGP and S/MIME is that they require authentication in order to
start using encryption, and since authentication is both irrelevant to
this *and* a pain to do, I don't think it's likely that mechanisms that
require authentication to get started are good candidates to address PM,
let alone be a terribly good demonstration that we can do encryption. I
can't get torqued about people participating in a key signing: If you're
interested in using those tools, go for it. But I do think that if we
want to make headway on the PM problem and convince people that we can
address pieces of it, we need to start looking at different sorts of
mechanisms.
Quote from the uta charter
"
- Consider, and possibly define, a standard way for an application
client and server to use unauthenticated encryption through TLS when
server and/or client authentication cannot be achieved.
"
Would that fit the bill?
Tom Petch
I suspect Ted might be right and this is simply an integration problem.
I'm not sure whether Dave agrees or disagrees with me on this, but I
think we've got the tools in our toolbox already: The bones (and much of
the meat) of PGP or S/MIME might be perfectly suitable with some
re-working. But I think until that re-working is done, we're not likely
to have a good demonstration of this stuff actually working, especially
if "the best technology we have is annoying and will require you and
your correspondents to learn more, and fuss more, than you would
probably like".
pr
--
Pete Resnick<http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478