> -----Original Message----- > From: ietf [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Joe Abley > Sent: Tuesday, June 02, 2015 9:45 AM > To: IETF Discussion Mailing List > Subject: Proposed Proposed Statement on e-mail encryption at the IETF > > Hi all, > > All this "HTTPS everywhere" mail collided for me this morning with a similar > avalanche of press about Facebook's freshly-announced use of PGP: > > https://www.facebook.com/notes/protecting-the-graph/securing-email- > communications-from-facebook/1611941762379302 > > Mail to public mailing lists can already be signed (like this one is). It'd be nice if > mailman didn't MITM the signed content, so that the signature can be > validated. (Perhaps it will; I will find out after I hit send.) There's lots of other > mail from individuals to closed groups like the IAB and the IESG and from IETF > robots to individuals that *could* be encrypted, or at least signed. There is > work here that *could* be done. > > If the argument that we should use HTTPS everywhere (which I do not > disagree with) is reasonable, it feels like an argument about sending > encrypted e-mail whenever possible ought to be similarly reasonable. Given > that so much of the work of the IETF happens over e-mail, a focus on HTTP > seems a bit weird. > > Note that this is not an attempt to start a conversation about whether PGP is > usable, or whether S/MIME is better. I will fall off my chair in surprise if it > doesn't turn into one, though. > > > Joe Are the IETF mail servers configured to use opportunistic TLS? I haven't checked. To me this would be a good first step down the mail encryption path. Mike