[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication and email

To: Paul Hoffman / IMC <phoffman@imc.org>
Subject: Re: Authentication and email
From: Derek Atkins <derek@ihtfp.com>
Date: 10 Feb 2003 16:44:46 -0500
Cc: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>, wgchairs@ietf.org
In-reply-to: <p0521031aba6b0517a4e8@[165.227.249.18]>
References: <3E354398.BF1D5575@lmf.ericsson.se><611987020.1043699189@localhost> <3E3674FA.202781D7@lmf.ericsson.se><674756478.1043761959@localhost> <3E369EAE.80761DAC@lmf.ericsson.se><p05210219ba5e0c696c00@[165.227.249.18]><3E4547DE.2667AC9E@lmf.ericsson.se><p0521031aba6b0517a4e8@[165.227.249.18]>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Paul Hoffman / IMC <phoffman@imc.org> writes:

> >Any user agent that can send instant messages using SIP, MUST implement
> >S/MIME... if we believe that it is acceptable to send emails to the IETF
> >mailing lists without using any kind of security, why do we mandate
> >S/MIME for instant messages? That was the issue Dean was talking about.
> >3GPP was strongly opposed to that MUST S/MIME, but we insisted that it
> >had to be in the spec.
>
> Ah, now *there's* a topic worthy of IETF-wide discussion! Where was
> the security needed? What are the attack scenarios? Could it have
> been implemented optionally, like we have in mail?

Yea, and look how secure our email system is....  The IESG has already
stated that optional security is bad (because optional security means
no security).  Let's not revisit that rathole.

> --Paul Hoffman, Director
> --Internet Mail Consortium

-derek, co-chair IMPP
-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

Follow-Ups:
- Re: Authentication and email
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

References:
- Authentication and email
  - From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
- Re: Authentication and email
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>
- Re: Authentication and email
  - From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
- Re: Authentication and email
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>
- Re: Authentication and email
  - From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
- Re: Authentication and email
  - From: Paul Hoffman / IMC <phoffman@imc.org>
- Re: Authentication and email
  - From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
- Re: Authentication and email
  - From: Paul Hoffman / IMC <phoffman@imc.org>

Prev by Date: Re: Experimental RFC to be: draft-stoica-diffserv-dps-01.txt
Next by Date: Re: Authentication and email
Previous by thread: Re: Authentication and email
Next by thread: Re: Authentication and email
Index(es):
- Date
- Thread