[liberationtech] Why ~not~ S/MIME?
Ali-Reza Anghaie
ali at packetknife.com
Tue Jul 30 02:00:46 PDT 2013
On Tue, Jul 30, 2013 at 4:49 AM, Guido Witmond <guido at witmond.nl> wrote:
> My biggest beef with S/MIME is the certificates of the CA's.
>
> The CA's validation policy requires you to prove your real world
> identity to them. Which they then write into the certificate.
>
> It means that each and every email is tagged with your true identity for
> life. No thanks....
Self-signed S/MIME certs work just fine - however, you lose part of
the ease-of-use. I'm really talking about in the context of today's
PRISM (and friends) discussions with ~everyone~...
Also - I'm still not sure "we" can't solve that between the various
organizations that are pushing these privacy issues and the browser
vendors. A community trusted CA that conforms to whatever rules EFF
and EPIC come up with (as one suggestion).
To confirm - so far the object (the main one) - is the CA
dependency... I get that. Alright.
-Ali
More information about the liberationtech
mailing list