> John> Here's a concrete suggestion: it is clear that the bad uses > John> of DKIM people have mentioned are a subset of the bad uses > John> of STARTTLS. > > That's not clear to me. > I'd never really considered the question though so it may well be true. If walled gardens are the problem or the goal, STARTTLS is a swell way to do it. > John> And the TLS world is dominated by a single signer whose > John> signing policies are opaque. > > Really? Are you sure the TLS world is not dominated by users clicking > OK trust this cert for anything they see, combined with a lot of self > signed certs and certs from a variety of CAs? The CAs that people use in web SSL are overwhelmingly signed by Verisign or its subsidiaries like Thawte. Geotrust is a distant second. I honestly don't know what signers people use for STARTTLS but since everyone uses the same small set of TLS libraries, my working assumption is that they use the same small set of authorities, too. > John> So how about if we simply reuse the warning language about > John> STARTTLS from RFC 3207? > > What warning language? I can't find anything related to this problem. > I may not be looking carefully enough. There isn't any. That's my point. Regards, John Levine, johnl@xxxxxxxx, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "A book is a sneeze." - E.B. White, on the writing of Charlotte's Web _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf