Re: On email and web security
IETF Chair <chair@ietf.org> Wed, 30 December 2015 22:19 UTC
Return-Path: <chair@ietf.org>
X-Original-To: ietf@ietf.org
Delivered-To: ietf@ietfa.amsl.com
Received: from [10.30.0.131] (unknown [83.150.71.93]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPSA id 153EC1B29B7; Wed, 30 Dec 2015 14:19:13 -0800 (PST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Subject: Re: On email and web security
From: IETF Chair <chair@ietf.org>
In-Reply-To: <304F200F-CF0B-4C23-91F9-BFC06C41BDA8@cisco.com>
Date: Thu, 31 Dec 2015 00:19:09 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <4E442EDD-6E06-40F3-ACFE-33119B737AF9@ietf.org>
References: <304F200F-CF0B-4C23-91F9-BFC06C41BDA8@cisco.com>
To: "Fred Baker (fred)" <fred@cisco.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/FKNydcAyKKfrKvzS8eF8BZplmfM>
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Dec 2015 22:19:15 -0000
Thanks for the comments, Fred, and I agree. In particular I agree that we need a better and more coherent security architecture. Not necessarily as a way to cut the other flowers but as a model of how to do things securely. And I agree about privacy being an inherent part of security. And I agree about using our own tools as an organisation, but with a caveat. When we worked on, say, HTTP/2, we didn’t do that for the sake of our own website. We did it for the sake for major content providers and most popular web browsers. If what we worked on in privacy didn’t work for the IETF or us individually, it would be very weird. But it also cannot be the only goal, we have to share minds with major current or potential users of the technology. What would those be in the e-mail case, and kinds of things are they likely to need? Having a good answer to those questions is probably as important as having all of us turn on particular forms of security in our individual communications. (I should probably insert a reminder that even in e-mail there are actually many subproblems and and aspects. End-to-end content protection is just one. But both my discussion above and yours Fred were focused on the end-to-end part.) Jari
- On email and web security Fred Baker (fred)
- Re: On email and web security Paul Wouters
- Re: On email and web security Kathleen Moriarty
- Re: On email and web security Fernando Gont
- Re: On email and web security IETF Chair
- Re: On email and web security John Levine
- Re: On email and web security Michael Richardson
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security Doug Royer
- Re: On email and web security Doug Royer
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security l.wood
- Re: On email and web security Steve Crocker
- Re: On email and web security John Levine
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security Doug Barton
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security Doug Barton
- Re: On email and web security Dave Cridland
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security Doug Barton
- Re: On email and web security Doug Royer
- Re: On email and web security Matthew Kerwin
- Re: On email and web security Doug Royer
- Re: On email and web security John Levine
- Re: On email and web security Doug Barton
- Re: On email and web security John Levine
- Re: On email and web security Doug Barton
- Re: On email and web security Phillip Hallam-Baker
- Re: On email and web security George Michaelson