[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication and email

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: Authentication and email
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Mon, 10 Feb 2003 20:05:57 -0500
Cc: wgchairs@ietf.org

In message <p0521031fba6dd7e4584a@[63.202.92.156]>, Paul Hoffman / VPNC writes:
>
>>   The IESG has already
>>stated that optional security is bad (because optional security means
>>no security).  Let's not revisit that rathole.
>
>We fully disagree here. Forcing visible security where none is needed 
>leads to most people not wanting to use security. If security is free 
>or very low-cost, it should be required. When it is any more 
>expensive either in processing time or in user hassle, it should be 
>optional and easy to implement if used.

More precisely, the IESG has stated that implementing interoperable
strong security is mandatory.  It has to be mandatory to implement
or it won't be interoperable.  As for low cost and/or invisible -- if
we can, we of course want that, but it's not always possible.

Prev by Date: RE: Last Call: Generalized Multiprotocol Label Switching Extensions for SONET and SDH Control to Proposed Standard
Next by Date: Re: Last Call: OpenPGP Message Format to Proposed Standard
Previous by thread: RE: Authentication and email
Next by thread: other Internet related event
Index(es):
- Date
- Thread