Dear Perpass WG,

Can networks ever be assumed secure carrying data in the clear?

"Veracity" is an interesting term defined in T13-C-0427 offered by Tony Rutkowski. When dealing with powerful adversaries (state or organized crime) is it safe to assume the veracity of:
a) the routing system?
b) DNS?
c) the reputation of an identifier?

http://tools.ietf.org/html/rfc6545#section-9.3

Can email be treated "as if" each message were RID messages?

What are reasonable source compliance requirements for encrypted messages? (such as certificates verifying the entity initiating the message.)

What is the market value of guidelines permitting domain use as a basis for acceptance?
a) IP address independence
b) Provider independence
c) Justification for improved security

Can comparative overheads be extrapolated among various suggested strategies?

Is DANE still on the table, since any strategy should have long term perspectives? For example, will CA issued certificates:
a) cost impair wide adoption
b) leak sensitive information
c) prove untrustworthy facing geopolitical pressure
d) prove difficult maintaining revocations

Transitioning to DNSSEC, can CA issued certificates offer temporary fallback strategies for DANE?

Does a certified provider of an encrypted message place individuals at risk?

When most email is encrypted, can provider certificates who initiate messages serve to protect services from excessive overhead caused by pervasive abuse?

As a note, the public domain Judy array library can list all domains in current use at more than 5 million transactions per second needing about 15% greater memory overhead than that of a flat list.

Regards,
Douglas Otis
