ietf
[Top] [All Lists]

Re: On email and web security

2015-12-30 16:19:44
Thanks for the comments, Fred, and I agree.

In particular I agree that we need a better and more coherent
security architecture. Not necessarily as a way to cut the other
flowers but as a model of how to do things securely.

And I agree about privacy being an inherent part of security.

And I agree about using our own tools as an organisation, but
with a caveat. When we worked on, say, HTTP/2, we didn’t do
that for the sake of our own website. We did it for the sake
for major content providers and most popular web browsers.
If what we worked on in privacy didn’t work for the IETF or
us individually, it would be very weird. But it also cannot be
the only goal, we have to share minds with major current
or potential users of the technology. What would those be
in the e-mail case, and kinds of things are they likely
to need? Having a good answer to those questions is
probably as important as having all of us turn on particular
forms of security in our individual communications.

(I should probably insert a reminder that even in e-mail
there are actually many subproblems and and aspects.
End-to-end content protection is just one. But both my
discussion above and yours Fred were focused on the
end-to-end part.)

Jari


<Prev in Thread] Current Thread [Next in Thread>