RE: [Simple] Issue 1: End-to-End encryption

["Burger, Eric" <eburger at brooktrout.com>]

I like that idea (if inbound is encrypted, IMDN is encrypted), too.

Also, on Ben's point, yes, the UAS can ignore for any reason.  However,
my idea is the UAC has a Requires: imdn.secure header, so the UAS can
reject immediately to let the sender know that they will never get a
secure IMDN.

-----Original Message-----
From: Hisham Khartabil [mailto:hisham.khartabil at telio.no] 
Sent: Tuesday, November 08, 2005 6:22 PM
To: Aki Niemi
Cc: ext Ben Campbell; Burger, Eric; simple at ietf.org
Subject: Re: [Simple] Issue 1: End-to-End encryption


On Nov 8, 2005, at 11:38 PM, Aki Niemi wrote:

>
>
> ext Ben Campbell wrote:
>>> So, if we don't go the simple route of all IMDN's are encrypted, we
>>> should have:
>>>  o  A mechanism to let the sender insist on encrypted IMDN
>>  Agreed.
>
> Huh?? You don't currently have any way of insisting that replies are 
> encrypted, and those actually contain sensitive data (in most cases).
>
> Why don't you simply say that if the message was encrypted, you need 
> to encrypt the IMDN. Don't over-engineer this.

I like that, you make the MDN as secure as IM it is for.

Hisham

>
> Cheers,
> Aki
>
> _______________________________________________
> Simple mailing list
> Simple at ietf.org
> https://www1.ietf.org/mailman/listinfo/simple
>

_______________________________________________
Simple mailing list
Simple at ietf.org
https://www1.ietf.org/mailman/listinfo/simple