On Oct 17, 2013, at 7:51 AM, [email protected] wrote:

> Stephen Farrell <[email protected]> on Oct 15, 2013 5:31PM wrote:
>> Better understanding is always good and the main goal here (at least
>> mine) is to make pervasive monitoring more expensive to the extent
>> technically feasible. Personally, I think there are things about IMAP
>> that could be improved but I'm very skeptical that we can "solve" the
>> problem for mail in general. (Some others on this list are more
>> optimistic.)
>
> You're still not answering the question, at least directly, and I really want a
> direct answer. More expensive for whom? The vast majority of current and likely
> future email users, who seem perfectly happy to use the service offerings of
> large ISPs and MSPs? If so, then any proposal you come up with needs to be done in
> a way that persuades those providers that making changes to their service
> offerings is the right thing for them to do.

Dear Ned,

Improving the efficiency of email acceptance might be this incentive. As IPv6 becomes pervasive, an authenticated domain source as a basis is likely to be more sustainable over time. Establishing expectations that StartTLS confirms both server and client certificates affords improved transactional protection from spoofing or reputation poisoning, especially with the transparency and economy afforded by DANE for protection from simple monitoring, malicious spoofing, and reputation poisoning.

Providers will need to be trustworthy and may need to reside in specific geopolitical regions willing to ensure such protections. Multiple keying of encrypted data where each key subset resides in different geopolitical regions might be a way to increase trust, but this is not off-the-shelf crypto which you state as a requirement.

Regards,
Douglas Otis

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
