Ignoring the "signed" part...
On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley(_at_)hopcount(_dot_)ca> wrote:
If the argument that we should use HTTPS everywhere (which I do not disagree
with) is reasonable, it feels like an argument about sending encrypted e-mail
whenever possible ought to be similarly reasonable. Given that so much of the
work of the IETF happens over e-mail, a focus on HTTP seems a bit weird.
This is a terrible idea. If the IETF mailer thinks it knows my PGP encryption
key, and I don't because I have lost it or invalidated it, then I cannot read
the mail from the IETF mailer and will thus lose valuable information. Maybe we
can develop some interface that allows a user to specify their encryption key
and remove it at will, but I've never seen such an interface before and suspect
that its design will have all sorts of pointy edge cases.
Proposal: if you actually want this, develop an interface for telling the
server your key first. Get buy-in from others active in the IETF, if possible.
If you can pull this off, it will benefit much more than the IETF.
--Paul Hoffman