Yes, the policy has to come either from Alice or Alice's employer depending on 
the context. If Alice is at home, she chooses, but if she is at work dealing 
with work issues, her employer should decide.

This is why I think policy should ultimately tie one-to-one to DNS names: they 
are cheap and easy to obtain. If you are tied to someone's DNS name you are in 
their power anyway. That is why I own hallambaker.com.

But regardless of who is setting that policy, there has to be a single control 
point or it is not going to be practical. I have 48 IP-enabled devices in my 
house. And in the future that won't be unusual. My car has 3 separate RS422 
networks with 60 devices.

The end-to-end argument is not obsolete: complexity really matters. What has 
changed is the conclusion. In 1970 the endpoint was the place to put 
complexity. Forty years later, a bump in the wire controlled by the policy maker 
is better.

Sent from my iPad

On Feb 15, 2012, at 11:06, Olaf Kolkman <[email protected]> wrote:

> 
> On Feb 9, 2012, at 2:16 PM, Phillip Hallam-Baker wrote:
> 
>> For Alice and Bob there are many possible paths:
>> 
>> I very often start writing an email message on one machine and
>> continue on another. In the course of a typical day I use a minimum of
>> one PC, one Macbook, one iPhone and my work iPad. So for me it is
>> actually quite usual for me to start writing an email on the Mac and
>> continue on the PC. I typically read the messages on whichever one of
>> the four machines is close at hand.
>> 
>> So the arity of the relationships is:
>> 
>> MUA -> MTA:  Many -> 1
>> MTA -> MTA:  1 -> 1
>> MTA -> MUA:  1-> Many
>> 
>> Now a good email setup should of course have multiple MTAs. But they
>> should have a setup that makes them look like a single logical unit.
>> There are many mail servers for example.com but only one logical mail
>> service.
>> 
>> So now we see why security policy driven by MUA published security
>> policy is going to fail: there is no consistency in the MUA loop. I
>> read mail on four separate devices. They have no way to communicate
>> between themselves to negotiate a common security policy and I
>> certainly would not want them to.
>> 
>> Conclusion:
>> 
>> 1) Security policy is a property of MTAs and not MUAs and hence of
>> domains and not accounts.
> 
> 
> I am wading through the list trying to catch up... and something in the above 
> makes me wonder.
> 
> You start off with Alice and Bob, describe a relation between machinery, and 
> conclude that the security policy is a property of the machinery.
> 
> Why is the security policy not tied to Alice and Bob?
> 
> 
> --Olaf
> 
> 
> ________________________________________________________ 
> 
> Olaf M. Kolkman                        NLnet Labs
> http://www.nlnetlabs.nl/
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey