----- Original Message -----
From: "Pete Resnick" <presnick@xxxxxxxxxxxxxxxx>
To: "John C Klensin" <john-ietf@xxxxxxx>
Cc: <ietf@xxxxxxxx>; <iesg@xxxxxxxx>
Sent: Monday, February 03, 2014 12:44 AM

> On 2/1/14 11:18 PM, John C Klensin wrote:
>
> > Sorry, I wasn't clear. At least in this particular context, I have no interest at all in authentication. My interest was in a demonstration of the ability to handle encryption. For S/MIME and PGP, if I can sign a message, I can decrypt a message that is sent to me. From a privacy or surveillance resistance standpoint, the latter, and a way to demonstrate that capability, are important. Authentication is irrelevant and, as you say, not helpful in that context.
>
> I agree that authentication is irrelevant in this context. But that leads me to agree with Dave on a central point (hence the little I-D we've been banging on and submitted to the STRINT folks): The problem with PGP and S/MIME is that they require authentication in order to start using encryption, and since authentication is both irrelevant to this *and* a pain to do, I don't think it's likely that mechanisms that require authentication to get started are good candidates to address PM, let alone be a terribly good demonstration that we can do encryption. I can't get torqued about people participating in a key signing: If you're interested in using those tools, go for it. But I do think that if we want to make headway on the PM problem and convince people that we can address pieces of it, we need to start looking at different sorts of mechanisms.

Quote from the uta charter:

" - Consider, and possibly define, a standard way for an application client and server to use unauthenticated encryption through TLS when server and/or client authentication cannot be achieved. "

Would that fit the bill?

Tom Petch

> I suspect Ted might be right and this is simply an integration problem. I'm not sure whether Dave agrees or disagrees with me on this, but I think we've got the tools in our toolbox already: The bones (and much of the meat) of PGP or S/MIME might be perfectly suitable with some re-working. But I think until that re-working is done, we're not likely to have a good demonstration of this stuff actually working, especially if "the best technology we have is annoying and will require you and your correspondents to learn more, and fuss more, than you would probably like".
>
> pr
>
> --
> Pete Resnick <http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478