On Thu, Feb 9, 2012 at 5:16 AM, Phillip Hallam-Baker <[email protected]> wrote:
So now we see why security policy driven by MUA published security policy is going to fail: there is no consistency in the MUA loop. I read mail on four separate devices. They have no way to communicate between themselves to negotiate a common security policy and I certainly would not want them to.
'Certainly'? You wouldn't want your systems to work together to seamlessly and transparently add protections to all of your personal intellectual property, permitting secure access from devices which you enrolled or otherwise authorized, with potentially a completely transparent and automatic secure authorization process? You wouldn't want your systems to automatically and securely manage your utility and ceremonial keys so that your command is the only one which can permit their application? You wouldn't want your systems to implement key expiration and rollover, or automatically enroll new keys into new PKIs as such would become useful? I'm sorry, but I would. And I do. The Person is the one who specifies policy. Not the service that the Person hires to carry his mail or his traffic. (The service may indeed specify its own policies, but that's the Terms of Service, part of the contract between two Persons (individual and corporate), and only of note if the service must cut the individual off for their violation.) -Kyle H
Verify This Message with Penango.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
