Re: Proposed Proposed Statement on e-mail encryption at the IETF
Paul Hoffman <paul.hoffman@vpnc.org> Tue, 02 June 2015 17:15 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6507C1A1A90 for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 10:15:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DZmDmzm0f__n for <ietf@ietfa.amsl.com>; Tue, 2 Jun 2015 10:15:46 -0700 (PDT)
Received: from proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 484001A0167 for <ietf@ietf.org>; Tue, 2 Jun 2015 10:15:46 -0700 (PDT)
Received: from [10.20.30.109] (142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100]) (authenticated bits=0) by proper.com (8.15.1/8.14.9) with ESMTPSA id t52HFhRj092137 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 2 Jun 2015 10:15:44 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100] claimed to be [10.20.30.109]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
Subject: Re: Proposed Proposed Statement on e-mail encryption at the IETF
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca>
Date: Tue, 02 Jun 2015 10:15:54 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <2DA10E34-02DA-4245-9031-8C0F2749461D@vpnc.org>
References: <DD88F4E4-6BBA-4610-BB49-3158A26DF55B@hopcount.ca>
To: Joe Abley <jabley@hopcount.ca>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/No__mqQbfuSS8OCkDvuaY8N5rEg>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2015 17:15:48 -0000
Ignoring the "signed" part... On Jun 2, 2015, at 6:44 AM, Joe Abley <jabley@hopcount.ca> wrote: > If the argument that we should use HTTPS everywhere (which I do not disagree with) is reasonable, it feels like an argument about sending encrypted e-mail whenever possible ought to be similarly reasonable. Given that so much of the work of the IETF happens over e-mail, a focus on HTTP seems a bit weird. This is a terrible idea. If the IETF mailer thinks it knows my PGP encryption key, and I don't because I have lost it or invalidated it, then I cannot read the mail from the IETF mailer and will thus lose valuable information. Maybe we can develop some interface that allows a user to specify their encryption key and remove it at will, but I've never seen such an interface before and suspect that its design will have all sorts of pointy edge cases. Proposal: if you actually want this, develop an interface for telling the server your key first. Get buy-in from others active in the IETF, if possible. If you can pull this off, it will benefit much more than the IETF. --Paul Hoffman
- Proposed Proposed Statement on e-mail encryption … Joe Abley
- RE: Proposed Proposed Statement on e-mail encrypt… MH Michael Hammer (5304)
- Re: Proposed Proposed Statement on e-mail encrypt… Russ Housley
- Re: Proposed Proposed Statement on e-mail encrypt… Jari Arkko
- Re: Proposed Proposed Statement on e-mail encrypt… Stephen Farrell
- Re: Proposed Proposed Statement on e-mail encrypt… Xiaoyin Liu
- Re: Proposed Proposed Statement on e-mail encrypt… Xiaoyin Liu
- Re: Proposed Proposed Statement on e-mail encrypt… Joe Abley
- Re: Proposed Proposed Statement on e-mail encrypt… Hector Santos
- Re: Proposed Proposed Statement on e-mail encrypt… Phillip Hallam-Baker
- Re: Proposed Proposed Statement on e-mail encrypt… Joe Abley
- Re: Proposed Proposed Statement on e-mail encrypt… Måns Nilsson
- Re: Proposed Proposed Statement on e-mail encrypt… John Levine
- Re: Proposed Proposed Statement on e-mail encrypt… John Levine
- Re: Proposed Proposed Statement on e-mail encrypt… Paul Hoffman
- Re: Proposed Proposed Statement on e-mail encrypt… Nico Williams
- Re: Proposed Proposed Statement on e-mail encrypt… Nico Williams
- Re: Proposed Proposed Statement on e-mail encrypt… Phillip Hallam-Baker
- Re: Proposed Proposed Statement on e-mail encrypt… Joe Abley
- Re: Proposed Proposed Statement on e-mail encrypt… Joe Abley
- Re: Proposed Proposed Statement on e-mail encrypt… Paul Hoffman
- Re: Proposed Proposed Statement on e-mail encrypt… Joe Abley
- Re: Proposed Proposed Statement on e-mail encrypt… Paul Wouters
- Re: Proposed Proposed Statement on e-mail encrypt… Måns Nilsson
- Re: Proposed Proposed Statement on e-mail encrypt… Matt Mathis
- Re: Proposed Proposed Statement on e-mail encrypt… Brian E Carpenter
- Re: Proposed Proposed Statement on e-mail encrypt… Phillip Hallam-Baker
- Re: Proposed Proposed Statement on e-mail encrypt… Warren Kumari
- Re: Proposed Proposed Statement on e-mail encrypt… Hector Santos
- Re: Proposed Proposed Statement on e-mail encrypt… Måns Nilsson
- Re: Proposed Proposed Statement on e-mail encrypt… John C Klensin
- Re: Proposed Proposed Statement on e-mail encrypt… Joe Abley
- Re: Proposed Proposed Statement on e-mail encrypt… Glen