On Tue, Nov 18, 2014 at 2:21 PM, Tom Mitchell <mitch@niftyegg.com> wrote:
On a more serious note, the IAB statement below opens up a whole can of worms.
1. The vast bulk of the Internet protocols now and in the future already exist. How are we going to retrofit them or somehow deal with them? New secure protocols will be a tiny percentage of the installed base of insecure protocols.
If the goal is too large, nothing will happen.
Pick one service (like mail) and design a protocol that can be used between hosts.
<simple-mind> Mail is a good example because it is store and forward. At a big service like Yahoo or Google there are many sites and internal store and forward links could use the new protocol.
At first, key management might keep the new connections inside a service. Later a pair like Yahoo and Google could exchange keys, then others. ...
Blah blah blah same old tired centralized intermediary SMTP email services, lack of privacy/anonymity, and application of control/censorship. If the goal is not dreamily large enough and totally revolutionary, nothing will happen but regurgitated refits instead of replacements. Try setting the goal of P2P messaging over an encrypted anonymous P2P overlay network instead. Do you believe pigs can fly? I do.
All that is needed is a specific service and specific firewall rules that current Cisco and the like hardware can enforce and audit.
More central censorship and control. Where's my DNA based onramp access and Clipper card again... must have left it in the tax machine.