Ignoring the "signed" part... On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley@xxxxxxxxxxx> wrote: > If the argument that we should use HTTPS everywhere (which I do not disagree with) is reasonable, it feels like an argument about sending encrypted e-mail whenever possible ought to be similarly reasonable. Given that so much of the work of the IETF happens over e-mail, a focus on HTTP seems a bit weird. This is a terrible idea. If the IETF mailer thinks it knows my PGP encryption key, and I don't because I have lost it or invalidated it, then I cannot read the mail from the IETF mailer and will thus lose valuable information. Maybe we can develop some interface that allows a user to specify their encryption key and remove it at will, but I've never seen such an interface before and suspect that its design will have all sorts of pointy edge cases. Proposal: if you actually want this, develop an interface for telling the server your key first. Get buy-in from others active in the IETF, if possible. If you can pull this off, it will benefit much more than the IETF. --Paul Hoffman