--On Sunday, February 02, 2014 02:27 +0000 Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote: >... >> If we are really serious about preventing monitoring, >> especially at the application layer and doing so within our >> own community as an example, this should be obvious. > > I disagree as it happens. Putting an emphasis on identification > and authentication seems backwards to me. First, we ought try > provide means to communicate that resist PM, (which requires > confidentiality and can use some help from Mr. Data > Minimisation:-) and after we have that nicely unerway, we can > then see how to establish various kinds of authentication. > > I don't believe that starting from authentication is at all > the right approach. > > But, I might be wrong, so happy to see people signing keys. > >> Indeed, it might be interesting as a first step to fix the >> IETF list so it wouldn't accept unsigned messages. > > Wasn't that debated a few months ago. I don't think that > would be at all useful for anyone. Sorry, I wasn't clear. At least in this particular context, I have no interest at all in authentication. My interest was in a demonstration of the ability to handle encryption. For S/MIME and PGP, if I can sign a message, I can decrypt a message that is sent to me. From a privacy or surveillance resistance standpoint, the latter, and a way to demonstration That capability, are important. Authentication is irrelevant and, as you say, not helpful in that context. john