ietf

Re: Proposed Proposed Statement on e-mail encryption at the IETF

2015-06-02 12:59:34
On Tue, Jun 02, 2015 at 10:15:54AM -0700, Paul Hoffman wrote:
> On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley(_at_)hopcount(_dot_)ca> wrote:
> > If the argument that we should use HTTPS everywhere (which I do not
> > disagree with) is reasonable, it feels like an argument about
> > sending encrypted e-mail whenever possible ought to be similarly
> > reasonable. Given that so much of the work of the IETF happens over
> > e-mail, a focus on HTTP seems a bit weird.

There is no point to PGP encryption when posting to *public* mailing
lists, not even if done by the list processor (which is the only way
that makes sense).

SMTP, however, should use TLS, opportunistically or with DANE, as they
don't know whether a destination of a message they are transmitting is
a public list.

MUAs really must use TLS for SUBMIT as well.

> This is a terrible idea. If the IETF mailer thinks it knows my PGP
> encryption key, and I don't because I have lost it or invalidated it,
> [...]

Yes, but if we limit this to just SMTP, of course the ietf.org MTAs
should support TLS, and they should have TLSA RRs for DANE.

Nico
-- 
