Re: Mail Security Spec
On Mon, 05 Nov 2001 23:42:08 GMT, Philip Gladstone [EMAIL PROTECTED] allegedly wrote: The only enhancement that I might want would be to be able to mark certain recipients as 'plain text only', and this would disable the signing as well. Personally I don't agree. All my mail is plain text, always, and I want those to be signed as well. I don't think one should equate to the other. Apologies if this is not what you meant. - Dave.
Re: Mail Security Spec
On Mon, 05 Nov 2001 19:12:13 GMT, Robert Relyea [EMAIL PROTECTED] allegedly wrote: I wouldn't expect mom and pop to use it, but then I wouldn't expect mom and pop to understand what PEM format is, or how and why they would want to export it to their website. OK, I hear what you're saying... but what about import. If I publish my certificate in this format, I'd like anyone to be able to import this and send me an encrypted message. This could be important in a business scenario where our customers/clients aren't always technically minded, but want to send me an encrypted mail (after all, I'm always harping on about it!) I think the goal should be that the expert users can accomplish the things they need but concentrate on those issues that prevent the more naive users from safely using this feature. I don't think that the export of a person's personal certificate could be considered a security risk. However, I can see that you wouldn't want to overload the user with technical issues. But the fact is that IE users have this feature already, and I think it's one of the good ones. :) In fact it's probably better if the export defaulted to just the X.509 certificate, and not the private key - that would be the safe option. - Dave.
Re: Mail Security Spec 2
On Tue, 06 Nov 2001 06:33:04 GMT, Lars Nordin [EMAIL PROTECTED] allegedly wrote: always encrypt and encrypt if possible is more like general preferences, If I, per mail, choose encrypt I really want it!! (again NS 4.x way of doing it) Agreed. The pull down from the icon to me would indicate options relating to the message that is being composed. Therefore the Security menu point should have a checkbox Encrypt. If any of the recipients do not have a valid certificate, then the padlock is opened, as listed in the details. I wonder though: if a user wants to sign and encrypt, they would have to visit the menu twice to enable both. In this instance, it might be better to have 3 radio buttons within the menu:- * Encrypt Only * Digitally Sign Only * Digitally Sign Encrypt This way, they only need to visit the menu once. I don't think Security and Priority should be split from the single icon menu pulldown. I like it the way it is in option 2. - Dave.
Re: Mail Security Spec 2
If you're taking votes ... OPTION 2 looks good Ditto. # * Intact pen Only appears when the message is signed, either per # Preferences or per this message only (Options menu). # * Only show the broken pen when the user wants to send this message # signed but can't for some reason (is this a valid scenario?). # * Show No pen icon at all if signing is turned off (user not # interested, don't annoy them with it). # * The lock icon as closed when the message can be sent encrypted # and encryption is turned on. # * Open lock when message can't be sent encrypted and encryption # is turned on. # * No lock if encryption is not turned on. I like this. The only difference I'd suggest is that instead of no pen and/or no lock (to indicate the option is not selected), I'd put a greyed-out pen and/or lock. This seems to indicate deselected more strongly, and is more discoverable.
Re: Mail Security Spec
Michael Ströder wrote: What's wrong with configuring the S/MIME ciphers as in Messenger 4.x today? The Messenger 4.x S/MIME cipher selection interface is misleading. It only controls which ciphers are listed as preferred in outgoing signed messages. Even if a user unchecks all of the weak ciphers, it will still send out messages encrypted with a weak cipher when it determines a recipient only supports weak ciphers. smime.p7s Description: S/MIME Cryptographic Signature
Re: Mail Security Spec
In the recipient list, would the cert/no-cert icon not be better to the left of the address? Why is the cert indicator on the right when the addressbook indicator is on the left? smime.p7s Description: S/MIME Cryptographic Signature
Re: Mail Security Spec 2
Jennifer Glick wrote: In response to the original posting, Mail Security Spec news://news.mozilla.org/3BE067D8.E521F3E9%40netscape.com, some alternative ideas are posted here: http://www.mozilla.org/mailnews/specs/security/Options.html Overall these seem much better. I prefer option 1 over the others, as I see no particular reason that the security options shouldn't be in the *Options* menu with the other per message options (in fact, consistency would suggest that's where it should be). The status bar stuff is much better. What happened to the idea of showing whether certs were available for each of the addressees? (i.e. how is the sender supposed to track down which of the adressees is causing the problem when the encrypt if possible option is used and a cert is missing? Perhaps just changing the existing address card icon to display a superimposed lock if a cert is available for that person (as opposed to having a new column of icons down the right hand side of the addresses)? As for the issue of discoverability -- I'm of the opinion that encryption and signing should be turned on by default to encourage widespread usage, and that mozilla should be able to automatically generate a certificate if the user doesn't already have one. Cheers, Len.
Re: Mail Security Spec
Dave Roberts wrote: On Mon, 05 Nov 2001 19:12:13 GMT, Robert Relyea [EMAIL PROTECTED] allegedly wrote: I wouldn't expect mom and pop to use it, but then I wouldn't expect mom and pop to understand what PEM format is, or how and why they would want to export it to their website. OK, I hear what you're saying... but what about import. If I publish my certificate in this format, I'd like anyone to be able to import this and send me an encrypted message. This could be important in a business scenario where our customers/clients aren't always technically minded, but want to send me an encrypted mail (after all, I'm always harping on about it!) Yes, with the right mime-type, this should work. I'm surprised it doesn't today.
Re: Mail Security Spec
Dr S N Henson wrote: The specification mentions using high-grade encryption. What about weak encryption using 40 bit RC2? Presumably this will still be supported. However there should be some way to at least warn if a message is going to be sent using weak encryption. What's wrong with configuring the S/MIME ciphers as in Messenger 4.x today? But I'd suggest that in opposite to Messenger 4.x the weak ciphers should be turned off by default. This would avoid that the sender accidently sends weakly encrypted e-mail to sender with unknown S/MIME capabilities. Ciao, Michael.
Re: Mail Security Spec 2
Steve, Dr S N Henson wrote: Frederick Roeber wrote: I'm of the opinion that encryption and signing should be turned on by default Turning on signing by default might be dangerous, not everybody is comfortable with a Legally Binding Signature on every random note they send. (Plausible deniability can be a good thing!) Not to mention being flamed in many mailing lists or newsgroups. Spammers would also love that. How would they love it ? I'm not sure if it would be such a problem actually. The auto signing feature could be taken one step further. Eg. there could be a new type of e-mail filter that for unsigned or unverified emails. At some point in the future, I would like to set the action for that filter in my e-mail client to automatically move all matching messages to the trash. I don't know about you, but I just don't think anonymous e-mails are worth replying to, and this type of filter would automatically get rid of all anonymous correspondence, most notably spam, because the spammers would face legal charges if their emails contained a legally binding signature. That would of course assume that there are worthy CAs out there that I can trust in my browser to do a good job of verifying users when issuing certs ...
Re: Mail Security Spec 2
I prefer option 1. Based on messages I receive and messages I expect that most users will receive, most people aren't changing the priority and security options on a regular basis. So I don't see any reason to put those options in such a prominent spot (whether below the attachments area or on the toolbar). I think putting it in the options menu in the main menu bar is where it should go and feedback should show on the status bar where it shows for everything other window. Scott Jennifer Glick wrote: In response to the original posting, Mail Security Spec news://news.mozilla.org/3BE067D8.E521F3E9%40netscape.com, some alternative ideas are posted here: http://www.mozilla.org/mailnews/specs/security/Options.html
Re: Mail Security Spec 2
Let me offer these observations. First, I've talked to many security aware customers who did not know that Communicator supported S/MIME. These same customers knew that Outlook Express supported S/MIME. Communicator did a great job of hiding the S/MIME controls so no one could find them. Outlook Express has Sign and Encrypt icons in the mail compose toolbar. Given how important security is these days I think it's important to improve the feature's discoverability. I think we can do that in a way that works with the rest of the UI. Second, users don't change priority settings often because doing so does not improve most communications. In fact, the idea is somewhat silly. :-) Almost all email marked HIGHEST priority in my mail is spam. So I would propose that security and priority are not similar in usage or importance. Question: do you prefer option 1 to the original spec where Sign and Encrypt are controlled by the small icons next to the Online icon? -Bob Scott Putterman wrote: I prefer option 1. Based on messages I receive and messages I expect that most users will receive, most people aren't changing the priority and security options on a regular basis. So I don't see any reason to put those options in such a prominent spot (whether below the attachments area or on the toolbar). I think putting it in the options menu in the main menu bar is where it should go and feedback should show on the status bar where it shows for everything other window. Scott Jennifer Glick wrote: In response to the original posting, Mail Security Spec news://news.mozilla.org/3BE067D8.E521F3E9%40netscape.com, some alternative ideas are posted here: http://www.mozilla.org/mailnews/specs/security/Options.html -- Bob Lord Director, Security Engineering Netscape Communications Corp. PKI Home Page: http://www.mozilla.org/projects/security/pki/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Mail Security Spec
To be honest, I have no idea what the icon to the left of the email address is. You cannot click on it. It has no tooltips. When you change the address type from To: to Newsgroup: it does not change. Nor does adding email addresses from the LDAP server. I agree that placing the cert icons to the left might be a little better, possibly in place of that existing icon. -Bob John Gardiner Myers wrote: In the recipient list, would the cert/no-cert icon not be better to the left of the address? Why is the cert indicator on the right when the addressbook indicator is on the left? -- Bob Lord Director, Security Engineering Netscape Communications Corp. PKI Home Page: http://www.mozilla.org/projects/security/pki/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Mail Security Spec 2
I'm of the opinion that encryption and signing should be turned on by default Turning on signing by default might be dangerous, not everybody is comfortable with a Legally Binding Signature on every random note they send. (Plausible deniability can be a good thing!) I'd like encryption on by default, though. We have got to stop all this mail being sent around in plaintext.
Re: Mail Security Spec 2
Frederick Roeber wrote: I'm of the opinion that encryption and signing should be turned on by default Turning on signing by default might be dangerous, not everybody is comfortable with a Legally Binding Signature on every random note they send. (Plausible deniability can be a good thing!) Not to mention being flamed in many mailing lists or newsgroups. Spammers would also love that. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Re: Mail Security Spec 2
I prefer the original spec which appears to be option 1 with extra capabilities in the status bar. I actually don't mind option 3 too much either, but I know we've tried really hard not to add new toolbar buttons. I guess my main point is that I really dislike option 2 which is where my priority comment came from. If we really want it to be discoverable then I'd say go with option 3 because I don't think the original spec's design will be much more discoverable than option 1 even though it has more capabilities once you discover it. Scott Bob Lord wrote: Let me offer these observations. First, I've talked to many security aware customers who did not know that Communicator supported S/MIME. These same customers knew that Outlook Express supported S/MIME. Communicator did a great job of hiding the S/MIME controls so no one could find them. Outlook Express has Sign and Encrypt icons in the mail compose toolbar. Given how important security is these days I think it's important to improve the feature's discoverability. I think we can do that in a way that works with the rest of the UI. Second, users don't change priority settings often because doing so does not improve most communications. In fact, the idea is somewhat silly. :-) Almost all email marked HIGHEST priority in my mail is spam. So I would propose that security and priority are not similar in usage or importance. Question: do you prefer option 1 to the original spec where Sign and Encrypt are controlled by the small icons next to the Online icon? -Bob Scott Putterman wrote: I prefer option 1. Based on messages I receive and messages I expect that most users will receive, most people aren't changing the priority and security options on a regular basis. So I don't see any reason to put those options in such a prominent spot (whether below the attachments area or on the toolbar). I think putting it in the options menu in the main menu bar is where it should go and feedback should show on the status bar where it shows for everything other window. Scott Jennifer Glick wrote: In response to the original posting, Mail Security Spec news://news.mozilla.org/3BE067D8.E521F3E9%40netscape.com, some alternative ideas are posted here: http://www.mozilla.org/mailnews/specs/security/Options.html