On Wed, Sep 3, 2014 at 10:55 AM, Kathleen Moriarty <[email protected]> wrote:
>
> On Wed, Sep 3, 2014 at 3:22 AM, Werner Koch <[email protected]> wrote:
>>
>> On Tue, 2 Sep 2014 18:22, [email protected] said:
>>
>> > Similarly, if the list concludes that users have to understand
>> > keys then that's also easy - we know that will never happen
>> > and so could also call it a day.
>>
>> Users do understand mail addresses and thus a key should be identified
>> by the mail address and not by any other property.
>>
>> > reinvent X.400 email security here please? (Or PEM, or MOSS,
>>
>> What problem do you see with MOSS? Except for the commonly ignored
>> micalg parameter it is a well working part of MIME and not a problem at
>> all. This is true for S/MIME as well as for PGP/MIME. We are still
>> talking about mail, right? Or is the goal of the list to replace the
>> rfc822 mail format - that will never happen in the foreseeable future.
>
> I think we should be open to a possible change for messaging in general and
> not limit ourselves to mail.

Totally and I think changing messaging in general is likely to be the area where we eventually end up changing application protocols.

If we are just fixing email security then obviously we play SMTP. If we are doing messaging then we just layer security onto Jabber. But if we decide that we are doing security for messaging in general, both synchronous and asynchronous, bilateral and multilateral then cutting out the cruft and going to a consistent JSON based messaging infrastructure with security built in from the start and a key service that doubles as a presence service starts to look a lot simpler than ad hoc backfixes to each protocol in turn.

But.

The reason I am sticking with email right now is that it is the single hardest problem and if we can solve that one, we can leverage the solution for every other area as well.

What makes email hard is that it is asynchronous and the store and forward protocols don't separate content and data channels. So all control signaling takes place in the content space or not at all. These days increasingly not at all, I don't see bounce messages very often any more.

_______________________________________________
Endymail mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/endymail
