"Note that this is contingent on practicality - if some personal data really has to be sent in clear for a protocol to be able to operate, and even opportunistic encryption is not possible, then a standards-track protocol that does not define how to protect that data will be consistent with this BCP. The IETF will have to decide in such cases whether standardizing that protocol benefits the Internet or not."

1. Is the value of a personal public key considered "personal data"? In TLS client authentication, these keys are requested.
2. Under the goal of MITM resistance, how can opportunistic encryption provide security without authentication? I think that an authentication layer on top of opportunistic encryption is required.

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
