On Tue, Jun 02, 2015 at 10:15:54AM -0700, Paul Hoffman wrote: > On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley@xxxxxxxxxxx> wrote: > > If the argument that we should use HTTPS everywhere (which I do not > > disagree with) is reasonable, it feels like an argument about > > sending encrypted e-mail whenever possible ought to be similarly > > reasonable. Given that so much of the work of the IETF happens over > > e-mail, a focus on HTTP seems a bit weird. There is no point to PGP encryption when posting to *public* mailing lists, not even if done by the list processor (which is the only way that makes sense). SMTP, however, should use TLS, opportunistically or with DANE, as they don't know whether a destination of a message they are transmitting is a public list. MUAs really must use TLS for SUBMIT as well. > This is a terrible idea. If the IETF mailer thinks it knows my PGP > encryption key, and I don't because I have lost it or invalidated it, > [...] Yes, but if we limit this to just SMTP, of course the ietf.org MTAs should support TLS, and they should have TLSA RRs for DANE. Nico --