Re: Proposed Proposed Statement on e-mail encryption at the IETF

Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
Date: Tue, Jun 02, 2015 at 07:08:15PM +0100
Quoting Joe Abley (jabley@xxxxxxxxxxx):
 
> But agreed, if the IETF was able to show that its work conducted by
> e-mail could incorporate cryptography in such a way that it was a
> benefit to all concerned rather than a headache, I think that would
> be great.

I think we have achieved this in one way; we now accept and deliver
e-mail via SMTP using TLS. Everyone should do this, as long as they
don't risk ending up in jail for doing it. (For those cases and for
RFC 854 debugging, we keep the downgrade option. Reluctantly. Building
an interceptor that strips the TLS offers from the SMTP dialogue and
effects a downgrade attack is trivial. More often than not this device is
"the firewall". QED.)

Another way we've dogfooded in this area is by signing email. (And that
might be done via any of the unusable protocols. I pretend I don't care,
to keep Joe on his chair.)  There are operational, direct advantages
from signing email today.  Everyone who some day might want to send a
sensitive e-mail over any network ought to think very hard about climbing
on the mechanical bull known as "getting PGP to work in my email setup
(and with some security at that)." Signed email is not "au contraire" to
the open nature of IETF lists. It serves as verification and reassurance.

I somewhat keep repeating myself.  But we can do, and actually do,
this, today. Now, getting DANE data for the IETF SMTP TLS certs going,
and perhaps working on fetching that data into the validation process
of some well-known MUAs, that would be a good step.

-- 
Måns Nilsson     primary/secondary/besserwisser/machina
MN-1334-RIPE                             +46 705 989668
I am a traffic light, and Alan Ginzberg kidnapped my laundry in 1927!

Attachment: signature.asc
Description: Digital signature
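
Added example, not part of the original message: a sender-side check for the STARTTLS stripping the message describes, which classifies an EHLO reply and refuses cleartext delivery when policy requires TLS. The sample replies are constructed, and the filler-keyword pattern, the `tls_seen_before` flag and the function names are assumptions made for illustration.

```python
import re

# Constructed sample EHLO replies (not captured from any real server).
CLEAN = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# Same reply after a middlebox overwrote the STARTTLS keyword in place
# (assumed filler pattern: a run of X characters).
MASKED = CLEAN.replace("STARTTLS", "XXXXXXXA")
# Same reply with the STARTTLS line dropped entirely.
DROPPED = CLEAN.replace("250-STARTTLS\r\n", "")

REPLY_LINE = re.compile(r"^250[- ](\S+)(?: (.*))?$")

def ehlo_keywords(reply):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = []
    for line in reply.splitlines()[1:]:  # first line is the server's domain
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        keywords.append(m.group(1).upper())
    return keywords

def assess(reply, tls_seen_before):
    """Classify one EHLO reply from the sending MTA's point of view."""
    kws = ehlo_keywords(reply)
    if "STARTTLS" in kws:
        return "ok"
    # A keyword made only of filler characters suggests in-place rewriting.
    if any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in kws):
        return "stripped-masked"
    # The host offered TLS on an earlier delivery and no longer does.
    if tls_seen_before:
        return "stripped-missing"
    return "no-tls"

def should_deliver(reply, tls_seen_before, require_tls=True):
    """Refuse cleartext delivery when policy requires TLS."""
    return assess(reply, tls_seen_before) == "ok" or not require_tls
```

Remembering per-host TLS history only catches a downgrade after a first clean contact; a published policy such as the DANE data mentioned in the message removes that gap.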