ietf
[Top] [All Lists]

Re: Proposed Proposed Statement on e-mail encryption at the IETF

2015-06-02 12:16:17
Ignoring the "signed" part...

On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley(_at_)hopcount(_dot_)ca> wrote:
If the argument that we should use HTTPS everywhere (which I do not disagree 
with) is reasonable, it feels like an argument about sending encrypted e-mail 
whenever possible ought to be similarly reasonable. Given that so much of the 
work of the IETF happens over e-mail, a focus on HTTP seems a bit weird.

This is a terrible idea. If the IETF mailer thinks it knows my PGP encryption 
key, and I don't because I have lost it or invalidated it, then I cannot read 
the mail from the IETF mailer and will thus lose valuable information. Maybe we 
can develop some interface that allows a user to specify their encryption key 
and remove it at will, but I've never seen such an interface before and suspect 
that its design will have all sorts of pointy edge cases.

Proposal: if you actually want this, develop an interface for telling the 
server your key first. Get buy-in from others active in the IETF, if possible. 
If you can pull this off, it will benefit much more than the IETF.

--Paul Hoffman

<Prev in Thread] Current Thread [Next in Thread>