[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [opes] draft-ietf-opes-smtp-security-01
Speaking as someone who has followed the WG for some time and knows
the context of the work, I repeat, the introduction *really* does need
some kind of simple statement about its purpose. Something like
"Because OPES is a protocol that is built over application layer
transports, its security may depend on the specifics of the transport.
OPES designs are guided by the IAB 'Consideration' document , and
those considerations are revisited here in the context of the SMTP
protocol." Put that right after the "2. Introduction" line and then
the section title for 2.1 becomes much less jarring.
My points about encryption may seem overly technical, but they are
essential. Privacy and integrity are separate concepts. Keeping a
message secret is different from ensuring that message modification is
detectable. The algorithms are different, the implementations are
different, the key management is different, they are different things.
They cannot be conflated into the single word "encryption" or even the
shorthand "encryption/signing". They must be discussed separately.
I'll write the paragraphs if that will help.