- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 8 Dec 2015 00:19:59 +1100
- To: Cory Benfield <cory@lukasa.co.uk>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
On 8 December 2015 at 00:11, Cory Benfield <cory@lukasa.co.uk> wrote: >> Let’s take draft-thomson-signing and draft-thomson-encryption, and have them both normatively reference a draft that talks about key distribution. We don’t have to detail it in those drafts, but in my view we absolutely have to talk about it somewhere. I apologize for missing this, I think that it's an important question to address... (In my defence, the amount of digital ink spilled here is beyond my current ability to track.) I don't think that this is a sensible strategy. There are a few uses already for both drafts, both of which have very different key management strategies. Attempting to button this down in the way you suggest would necessarily bless or condemn a whole range of possibilities.
Received on Monday, 7 December 2015 13:20:33 UTC