"Robert E. Frank" wrote:
> Hello Ed,
>
> So, from your two messages, should I
> conclude that you think Verisign products
> are of no potential value and that SMIME
> is a waste of time?
Whoaa! Not only black and white or you'll be missing
a lot of colors in between. What I'm saying is that
you can rely on such products for what they
say they can be relied on, not more. But that is not
much at all. In fact, if I write below my name
"I am who I say I am" this statement is AS
STRONG as the Verisign-derived statement
had I used a Verisign certificate to sign it.
> Do you know of a
> better way to protect MIME messages?
First of all, protect against what -- Impersonation?
Tampering? Replay? Repudiation of sending? Repudiation
of receipt? Repudiation of time at sending? Repudiation
of time at receipt? Repudiation of reading? Virus?
Please specify and also please specify which of the above
issues you believe ARE protected by S/MIME and to
what extent.
> BTW: It would be a surprise to find
> out that Verisign is not using its own PKI
> for email because it adds at least 5kB
> to each message. Do you really think
> that is a critical consideration in today's
> email environment?
Take a look at this reply I just received from
a mail agent and tell me what you'd think if
a substantial part of your messages would
have an added 5kB overhead for nothing and
you'd be faced with many email returns that
you'd have to process a second time:
Your message cannot be delivered to the recipient,
<email address supressed>.com, because his/her mail
box storage limit has exceeded.
The summary of your previous message:
From: Ed Gerck <[EMAIL PROTECTED]>
To: "Robert E. Frank" <[EMAIL PROTECTED]>
Cc: internet-payments <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
[EMAIL PROTECTED]
Sent Date: Fri Dec 20 13:56:26 CST 2002
Subject: Re: Invisible Ink, E-signatures slow to broadly catch on
Cheers,
Ed Gerck
