Dear Perpass WG,

Technological solutions can address most security issues. Those related to PKI limitations can be addressed with DNSSEC and DANE, for example. Regardless of the number of hops, protocols such as XMPP's direct federation model can ensure multiple hop security. Of course, not all federations require full compliance, but at least XMPP offers a means.

The level of abuse and risk associated with lax management found with email is likely responsible for a shift away from services dominated by mass mailers and toward those suitable for individuals as characterized by growing social networks. Even so, most social networks also represent a potential for substantial privacy intrusion. The IETF could do more to reduce these exposures. Moving from SMTP to XMPP is not insurmountable, especially when it offers greater security with reduced complexity when dealing with threats. Such a transition offers a means to bolster waning system security and use.

The IETF has done well to discourage email-prompted exchange of "office" documents. Such exchanges represent a major and common exploit vector, especially when from unknown sources. Any such exchange must be considered a bad practice. The explosion of browser plugins and Apps from poorly vetted sources, however, is of equal concern and also demands source confirmation.

More consideration needs to be made regarding both client and server certificates that can be exchanged with TLS, otherwise MiTM attacks may go undetected. It is also wrong to suggest IPv6 now offers secure BGP and is immune to address spoofing. The size of the IPv6 prefix address space precludes effective sharing of threats at being effective in mitigating abuse. Authenticated domains representing both ends of an exchange promise more effective protection strategies.

Please forgive any apparent lack of etiquette, as there is no intent to demean anyone.

Regards,
Douglas Otis
