I didn’t mean to misrepresent what you said. I was simply trying to
simplify the argument. I’m sorry if I got it wrong. How would you
rephrase it?
There's all sorts of reasons you wouldn't want your mail provider to read
your mail. As I said in an example, Gmail is mostly reliable but we don't
know what secret subpoenas they might get.
I am in agreement with you that the document assumes that domains are the
authorities of the identities of their users. I concur that the document should
explicitly state this. Email addresses have become an identifier that is in
many ways superior to other identifiers, such as SSNs and Driver License #s,
because they can be proved by an individual’s ability to receive email at a
specific address. For the same reason, mobile telephone numbers are also
quickly becoming persistent identifiers. Email addresses have an advantage
over mobile telephone numbers in that there are more of them and they are
easily changed as necessary.
Would you support advancing the draft it is explicitly stated this assumption?
No. It has other fatal flaws, discussed at length in the past. Better key
distribution is a fine idea, but this isn't the way to do it.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
