[ih] IETF relevance (was Memories of Flag Day?)

Steffen Nurpmeso steffen at sdaoden.eu
Wed Sep 6 15:58:57 PDT 2023


Dave Crocker via Internet-history wrote in
 <7adcff2f-94a7-6efe-333c-201466915630 at dcrocker.net>:
 |On 9/5/2023 9:36 PM, Jack Haverty via Internet-history wrote:
 |> My email program claims to have the ability to handle encrypted email, 
 |> cryptographically verified signatures, certificates, and such, and 
 |> there are lots of RFCs/Standards describing mechanisms for secure 
 |> email.   I don't know why none of my legal, medical, or financial 
 |> providers chose to use such "on the shelf" technologies.
 |
 |Other than for transit-level email authentication crypto -- working at 
 |domain name level -- email-based encryption has been unable to scale.  

Maybe it just takes more time.
I have passport, bank card, healthcare card, all these have user
IDs, maybe in two years (what our chancellor said) even more such
will come.  I think the Russians are very much digital-enabled?

Maybe, in the not too distant future, ... and i think in Sweden
and in Catalonia there were already hip dance clubs aka a company,
where people could choose to implant a chip under their skin for
paying aka attendance tracing .. and many did.  I am convinced we
all get a brain implant ever since i am a conscious adult --- and
is it you who wants to be responsible when first aid gives you
wrong medicine because they do not know about allergies, and
a thousand other reasons why paedophiles shall ring alarms near
kindergartens!  I did not invent the idea either, i think i just
read about it in an old book.  (Asimov?)

Anyhow, if people are enabled by their governments to learn about
and use the digital world, and if it is only a small info booklet,
and a USB card reader, (for as long as people cannot use their
implant as they now indeed use their "smart" watches
.. everywhere!), then of course two-way encryption via email is
easy.

 |So, yes, your software includes those functions, but no, they are not 
 |deemed viable for serious communications at scale.

My opinion is it is viable.  That "deem" is evil.  That "deem"
wants CA pools as business.

 |Hence some environments choose messaging functions that they can operate 
 |solely under their control.  (They rely on https for that 'at scale' 
 |part of crypto.)

Instead of PKI etc.

For example, IETF could invent a Reply-With-Identity: header.  Now
that email as it comes in is nicely verifiable cryptographically
to the root with DKIM-Store:, whatever happened with it, and it
is signed then encrypted via S/MIME or PGP itself in addition.
Now email software is enabled to enforce that replies to such
emails are signed and encrypted themselves, and it likely could
use the given info to look in a local S/MIME and PGP pool if that
is present automatically, only confirming correctness by asking
the user.
Now plant a manager in front of a graphical email user agent and
let him go through the given scenario: here you have viability.
A hundred percent.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


