On 02/02/2014 02:38 AM, Dave Crocker wrote: > On 2/1/2014 5:02 PM, Randy Bush wrote: >> i support pgp key signing even though pgp and signed mail are not >> perfect or make cash fall from the sky. one day at a time. > > > After twenty years of one day at a time, it's demonstrably not the > vehicle for mass-adoption, nor is there any basis for viewing it as the > foundation of the vehicle. > > If you think otherwise, please offer an explanation of how to get from > the small-scale, long-term here to the the necessarily very large-scale > there that we need to reach. > > Again, putting energy into PGP or S/MIME -- in anything like their > current form -- incurs extremely expensive opportunity costs for the > IETF community. You may be right, but I'm not so clear about that, as stated. If someone wanted to propose using PGP or S/MIME (aka CMS) formats to provide closer-to-end-to-end confidentiality protection for email messages that covered most headers in a way that might get deployment then I think that would not match your description. I do suspect that that is not likely to happen. If OTOH, we spent a lot of time debating email message origin authentication then I fully agree with you that we'd just be distracting ourselves pointlessly. S. > > d/ >