Graham Leggett wrote: >Anders Rundgren wrote: >> Secure e-mail should have been put at the server-level, then we would have >> had some base-level security that would cover 99% of all uses. But it >> didn't and therefore 80% of all messages are not even coming from the >> domain they claim. How very useful.
>There is no such thing as secure email at the server level. For an *organization* this is statement is principally wrong. For an organization the server is the only place where you actually can perform security operations including content checking in a cost-efficient way. That is, S/MIME encryption poorly addresses the needs of organizations while it is much too hard to use for consumers. Related message: http://www.imc.org/ietf-pkix/mail-archive/msg05036.html I didn't comment on the other stuff, because email is IMO no different than other Intranet or Internet activities which you may characterize as completely unsecure or rather secure depending on your "religion". Anders ------------------------------------------------------------------ Once the message has left your hands, it is written on a postcard, unless, before the message left your hands, you placed it in an envelope (PGP, SMIME, whatever). The problem of messages coming from the domain they claim to be from is also not solved by encryption, neither encryption on the client, or the server. If I wanted to write a letter, and sign your name at the bottom, and send that letter to somebody who might know you, there is nothing whatsoever you can do to a) stop me doing this, or b) even know that I did this. Thus digital signatures. If I trust your signature, or if I trust the CA that trusts your signature, then I trust the message came from you, and not someone pretending to be you. Thus the wider issue of trust. Do I trust the CA who signed your certificate? Securing email is so much more than just encryption. Regards, Graham -- ----- Original Message ----- From: "Graham Leggett" <[EMAIL PROTECTED]> To: "mozilla's crypto code discussion list" <[email protected]> Cc: "Bob Relyea" <[EMAIL PROTECTED]> Sent: Tuesday, November 18, 2008 20:01 Subject: Re: Slamming S/MIME. Re: How-to guide for email encryption _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
