On Tue, Jun 02, 2015 at 10:15:54AM -0700, Paul Hoffman wrote: > On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley@xxxxxxxxxxx> wrote: > > If the argument that we should use HTTPS everywhere (which I do not > > disagree with) is reasonable, it feels like an argument about > > sending encrypted e-mail whenever possible ought to be similarly > > reasonable. Given that so much of the work of the IETF happens over > > e-mail, a focus on HTTP seems a bit weird. There's no point to encrypting (to subscribers) posts to *public* mailing lists! There's also no point to doing anything more than DKIM as far as the mailing list processor goes. Users should be (and are) able to sign their posts if they like, but I don't think there's much point to requiring them to. As to SMTP, see below. > This is a terrible idea. If the IETF mailer thinks it knows my PGP > encryption key, and I don't because I have lost it or invalidated it, > [...] I agree, but SMTP should still get confidentiality protection, opportunistically and with DANE. The reason for this being that sending MTAs can't know whether some message they are transmitting is going to a public list -- they must assume that confidentiality is desired in SMTP. MUAs should also demand confidentiality in SUBMIT, of course. Nico --