Re: Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-15 14:34:25
On 9/15/2015 12:26 PM, Stephen Farrell wrote:
> Note that I am not addressing what I think is an underlying objection
> which I interpret as "this won't work and is hence a bad idea." I do
> think folks can validly propose an experiment like this for a feature
> (e2e email security) we've never managed to get deployed at scale. (By
> "like this" I mean something with lots of associated and non-crazy
> concerns.) Were it the case that running this experiment would break
> a bunch of things I would feel differently but I don't think that is
> the case.

Arguably, a failure of this mechanism could be quite serious.

In fact, it can fail in both directions of damage:  It can create a
blocked channel between originator and recipient, and it can create a
false sense of having a protected channel.  How are these not
significant breakage?

More generally, the idea that it is acceptable for the IETF to authorize
an experiment for which basic questions of feasibility have been raised
but not meaningfully resolved re-emphasizes the problem with not
specifying what, exactly, is the purpose of the experiment and how
efficacy, or its lack, and success or failure will be assessed.


Dave Crocker
Brandenburg InternetWorking