[liberationtech] Why ~not~ S/MIME?
Ali-Reza Anghaie
ali at packetknife.com
Tue Jul 30 01:28:12 PDT 2013
On Tue, Jul 30, 2013 at 4:20 AM, Ralph Holz <holz at net.in.tum.de> wrote:
> I am not sure I agree with the OPSEC issue. There are a bunch of
> synchronised SKS key servers. As for people's capability to judge
> others' accuracy in determining identity, well... is that so much worse
> than a CA system, where a CA does only an e-mail check, but no EV?
>
> Furthermore:
> * With the current weakness of the CA system (all CAs are equal), I
> trust PGP a whole lot more
*snip*
For "us" that's meaningful - is it for most people? Even 1%?
Also - I wasn't clear at all - when I cited OPSEC I also meant if you
want to use S/MIME in a PGP self-generated and distributed fashion you
can do so. So what's not to say that a community or let's say EFF
managed S/MIME issuing server w/ the Mozilla Foundation involved or
what-not isn't, in practical terms, a much faster pathway to encrypted
email adoption?
That's what I'm getting at. Do we have a way to end-route the problem
we're not taking advantage of?
> What makes PGP more attractive to me is the higher degree of control I
> can exercise.
Exactly - agreed. Entirely. Also the problem w/ the adoption. Higher
degree of ~responsibility~ also...
So I'm trying to figure out if this is another situation where the
people doing the advocating (the proverbial "us") aren't thinking
about the end-user reality. And - in this case - if we have a
perfectly acceptable security model within reach that requires tweaks
to S/MIME or tweaks to PGP. And are the "tweaks" to S/MIME such that
it's more readily attainable on a broad organizationally supported
basis (again giving EFF and Mozilla Foundation as sponsoring
suggestions)...
Thank you for the time of your response, Cheers, -Ali