At 4:44 PM -0500 2/10/03, Derek Atkins wrote:
Well, yes, let's look. Security is available where the two end-users want it, and is available where any pair of servers want it. Few people turn it on in either step, but those who want it use it almost invisibly.Yea, and look how secure our email system is....
We fully disagree here. Forcing visible security where none is needed leads to most people not wanting to use security. If security is free or very low-cost, it should be required. When it is any more expensive either in processing time or in user hassle, it should be optional and easy to implement if used.The IESG has already stated that optional security is bad (because optional security means no security). Let's not revisit that rathole.