RE: Proposed Proposed Statement on e-mail encryption at the IETF

"MH Michael Hammer (5304)" <MHammer@ag.com> Tue, 02 June 2015 13:55 UTC

From: "MH Michael Hammer (5304)" <MHammer@ag.com>
To: Joe Abley <jabley@hopcount.ca>, IETF Discussion Mailing List <ietf@ietf.org>
Subject: RE: Proposed Proposed Statement on e-mail encryption at the IETF
Date: Tue, 02 Jun 2015 13:55:30 +0000


> -----Original Message-----
> From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Joe Abley
> Sent: Tuesday, June 02, 2015 9:45 AM
> To: IETF Discussion Mailing List
> Subject: Proposed Proposed Statement on e-mail encryption at the IETF
> 
> Hi all,
> 
> All this "HTTPS everywhere" mail collided for me this morning with a similar
> avalanche of press about Facebook's freshly-announced use of PGP:
> 
> https://www.facebook.com/notes/protecting-the-graph/securing-email-communications-from-facebook/1611941762379302
> 
> Mail to public mailing lists can already be signed (like this one is). It'd be nice if
> mailman didn't MITM the signed content, so that the signature can be
> validated. (Perhaps it will; I will find out after I hit send.) There's lots of other
> mail from individuals to closed groups like the IAB and the IESG and from IETF
> robots to individuals that *could* be encrypted, or at least signed. There is
> work here that *could* be done.
> 
> If the argument that we should use HTTPS everywhere (which I do not
> disagree with) is reasonable, it feels like an argument about sending
> encrypted e-mail whenever possible ought to be similarly reasonable. Given
> that so much of the work of the IETF happens over e-mail, a focus on HTTP
> seems a bit weird.
> 
> Note that this is not an attempt to start a conversation about whether PGP is
> usable, or whether S/MIME is better. I will fall off my chair in surprise if it
> doesn't turn into one, though.
> 
> 
> Joe

Are the IETF mail servers configured to use opportunistic TLS? I haven't checked. To me this would be a good first step down the mail encryption path.

Mike