At 9:12 AM -0400 4/9/14, Phillip Hallam-Baker wrote:
To that end, I could imagine a requirement for some kind of
roadmap. "The tools that access the IETF SMTP and HTTP sites use
protocols X, Y, and Z. After <date>, we require them to use Secure
X, Secure Y, and Secure Z, and traffic originated by the IETF
sites shall use such protocols."
This sounds like a good idea.
To me it sounds like a knee-jerk reaction rather than an assessment
of what we need to protect and what the costs are of various
mechanisms.
But we currently have a big problem in
that the IETF has two email security standards, not one. And the two
sides don't talk and this has created a stalemate that has blocked
ubiquitous use of either.
We actually have a few more email security standards, but regardless,
I don't think the major barrier to deployment is that there is not a
single standard. There are a number of reasons why email end-to-end
encryption is rarely used, which include the difficulty of managing
keys, but it's also worth pointing out that end-to-end encrypted
email breaks a lot of the anti-spam, unless users share their private
keys with their mail provider (which kind of defeats the point).
--
Randall Gellens
Opinions are personal; facts are suspect; I speak for myself only
-------------- Randomly selected tag: ---------------
Frequently, people can tell you they've read a book and
liked it, but they can't tell you why. We don't want the
reader to have to do the hard work of figuring that out.
--Duncan Smith, creator of NoveList.