Early last week I emailed a group of IETF Area Directors, for the Security and Applications areas, asking them to start the process of creating a new Working Group to address the issues around email security. (Thanks Adrian Farrel for the prodding!)
Today, the first result of the effort has been completed – the new endymail mailing list. An IETF venue to discuss how these issues can be addressed, hopefully laying the groundwork updated standards to improve email as we know it today, and eventually standardizing a replacement to SMTP and related protocols. Here’s the description that the group came up with for the new list:
There is significant interest in improving the
privacy-related properties of Internet mail. One focus of
current efforts is on the per-hop (connection-based)
protections provided by TLS. However a wide range of other
work has a focus on end-to-end protection, at the Internet
scale of billions of end users and perhaps millions of
operators. Such work typically involves new forms of mail
header or body protection, new public key management
(compared to S/MIME or PGP), and security mechanisms more
appropriate for mobile/web user-agents. Other
security-relevant approaches may be discussed if needed.
Various proposals and development efforts on this topic are
underway outside the IETF. This mailing list provides an
IETF venue for discussion of elements that might be commonly
needed by such efforts and to identify work that the IETF
could do to aid in achieving better end-to-end security
deployed for Internet email.
While the creation of another mailing list is far from groundbreaking, it’s the necessary first step in standardizing a solution to a decades old problem.
I encourage everyone interested in email security and privacy to join the list, and participate in the discussions that will lead to new standards. (Though please wait a bit for people to subscribe before starting discussions.)
A big thanks to Stephen Farrell, Joe Hildebrand, and Pete Resnick for their enthusiastic support for this effort.