[liberationtech] Why ~not~ S/MIME?
Guido Witmond
guido at witmond.nl
Tue Jul 30 01:49:28 PDT 2013
On 30-07-13 09:56, Ali-Reza Anghaie wrote:
> For obvious reasons we're in another spike of "everyone should PGP"
> discussions - pretty much every direction you look. This always tugs
> at the back of my mind - why not push S/MIME a bit more?
>
> In my own experience the most common adoption problems with PGP for
> the uninitiated are getting the software to work where they want it and
> managing keys (including finding another person's key).
>
> Taking this from a push for adoption approach and not "our" ideal
> solution approaches, consider:
>
> - S/MIME is implemented in more places stock
> - S/MIME has at least one well supported Gmail option in
> https://www.penango.com/
> - S/MIME directories are generally more apt to "just work" for the
> end-user once set up
> - S/MIME certificate management is more intuitive for first-timers IMO
>
> The two big objections to S/MIME I see more frequently are downloading
> your certificate from a third party and the cost to get a certificate.

My biggest beef with S/MIME is the certificates of the CAs.

The CA's validation policy requires you to prove your real world
identity to them. Which they then write into the certificate.

It means that each and every email is tagged with your true identity for
life. No thanks....

There are certain good uses for it: give one to each politician. They
might be more honest knowing there is no plausible deniability. :-)

Other good use would be to sign the public records of a Notary public
with S/MIME. Too bad the one CA for that market had lousy security:
DigiNotar.

Cheers, Guido.