On 24/06/09 23:49, Nelson B Bolyard wrote:
S/MIME's protection of message authenticity, integrity and confidentiality are unbroken and unsurpassed. It is implemented in most Windows, Mac and Linux email MUA's today. But only a small minority of mail users use MUAs that reside on their own computers today. Webmail rules, and entrusting your private key to your free webmail provider makes no sense at all.
https://addons.mozilla.org/en-US/firefox/addon/592 :-)
The biggest impediment to secure email today is the existence and popularity of webmail. In Mozilla terms, the biggest impediment to Thunderbird today is Firefox.
It seems that people are happy to make the trade-off of privacy against convenience here. I suspect it's unlikely that we are going to be able to change their minds on that. Hence extensions like the above.
Do you remember what happened to MD5? Without crypto agility, the only solution would have been an "Internet flag day", on which the whole world obsoleted and replaced its old MD5 stuff with some newer hash. Crypto agility allowed a smooth effortless migration for all but a few stragglers.
+1 for crypto agility. Gerv -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
