----- Original Message ----- From: "Phillip Hallam-Baker" <hallam@xxxxxxxxx> To: "Andrew Sullivan" <ajs@xxxxxxxxxxxxxxxxxx> Cc: "IETF Discussion Mailing List" <ietf@xxxxxxxx> Sent: Friday, September 06, 2013 4:56 AM > On Thu, Sep 5, 2013 at 11:32 PM, Andrew Sullivan <ajs@xxxxxxxxxxxxxxxxxx>wrote: > > > On Fri, Sep 06, 2013 at 03:28:28PM +1200, Brian E Carpenter wrote: > > > > > > OK, that's actionable in the IETF, so can we see the I-D before > > > the cutoff? > > > > Why is that discussion of this nailed to the cycle of IETF meetings? > > > It is not. I raised the challenge over a week ago in another forum. Last > thing I would do is to give any institution veto power. > > > The design I think is practical is to eliminate all UI issues by insisting > that encryption and decryption are transparent. Any email that can be sent > encrypted is sent encrypted. That sounds like the 'End User Fallacy number one' that I encounter all the time in my work. If only everything were encrypted, then we would be completely safe. Well, no (as you Phillip know well). It depends on the strength of the ciphers (you can get a little padlock on your screen with SSL 2 which was the default in my local public access system until recently). It depends on the keys being secret (one enterprise system I was enrolled on in 2003 will not let me change my password, ever - only the system administrator has that power). It depends on authentication (I have a totally secure channel, unbreakable in the next 50 years, but it is not to my bank but to a Far Eastern Power). And so on. Yet every few weeks I hear the media saying, 'look for the padlock'. I think that the obvious step to improving security is to get the world at large possessing and using certificates, in the same way as the governments of the world, not very long agao, persuaded us to use passports. Tom Petch > > So that means that we have to have a key distribution infrastructure such > that when you register a key it becomes available to anyone who might need > to send you a message. We would also wish to apply the Certificate > Transparency approach to protect the Trusted Third Parties from being > coerced, infiltrated or compromised. > > Packaging the implementation is not difficult, a set of proxies for IMAP > and SUBMIT enhance and decrypt the messages. > > The client side complexity is separated from the proxy using Omnibroker. >