On Sep 6, 2013, at 9:55 AM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote: > > In other words, the IETF needs to assume that we don't know what will work for end users and we need to therefore focus more on processing by end /systems/ rather than end /users/. But we are also end users. I recall being laughed at 6 or 7 years ago when I suggested that email security implementations would "get better" if the IETF insisted on using them for our email. My proposal at the time was, that since we thought S/MIME was the cat's whiskers, we should set up a CA and issue free end-user certs to all participants. Messages to IETF lists would require signing with said certs to be considered valid. This would make it easy to eliminate most of our SPAM. So, we could eat our own dogfood, with whatever anti-surveillance mechanisms we specify. I am positive that would make things more end-user usable, over time. -- Dean