Re: Security for various IETF services

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 9:12 AM -0400 4/9/14, Phillip Hallam-Baker wrote:

To that end, I could imagine a requirement for some kind of roadmap. "The tools that access the IETF SMTP and HTTP sites use protocols X, Y, and Z. After <date>, we require them to use Secure X, Secure Y, and Secure Z, and traffic originated by the IETF sites shall use such protocols."

 This sounds like a good idea.

To me it sounds like a knee-jerk reaction rather than an assessment of what we need to protect and what the costs are of various mechanisms.

 But we currently have a big problem in
 that the IETF has two email security standards, not one. And the two
 sides don't talk and this has created a stalemate that has blocked
 ubiquitous use of either.

We actually have a few more email security standards, but regardless, I don't think the major barrier to deployment is that there is not a single standard. There are a number of reasons why email end-to-end encryption is rarely used, which include the difficulty of managing keys, but it's also worth pointing out that end-to-end encrypted email breaks a lot of the anti-spam, unless users share their private keys with their mail provider (which kind of defeats the point).

--
Randall Gellens
Opinions are personal;    facts are suspect;    I speak for myself only
-------------- Randomly selected tag: ---------------
Frequently, people can tell you they've read a book and
liked it, but they can't tell you why.  We don't want the
reader to have to do the hard work of figuring that out.
                   --Duncan Smith, creator of NoveList.





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]