On Mon, 2014-06-09 at 13:49 -0400, Larry Finch wrote:
> On Jun 9, 2014, at 1:18 PM, Murray S. Kucherawy <[email protected]> wrote:
> > My understanding is that (a) it's too hard for users to understand
> > how to set it up and how to respond when problems occur,

What is there to set up? If your MUA shows you that this message is signed with a trusted certificate, you're sorted. If you're in the minority (or so I believe) for whom that isn't displayed, then boo; you're one of the few for whom S/MIME signatures as a matter of course would achieve nothing. But they don't *hurt* you either.

> I think that is the reason. Users for the most part are trusting. If
> an email says it comes from their bank they believe it. Most banks
> have gone to great lengths to make it easy to verify that a message
> really comes from the bank, such as including an account balance, or
> the last N digits of the account number.

I've never seen an account balance, but I've seen some truly stupid things. I've seen a partial postal (zip) code, which is not a secret and is available to fairly much anyone with access to the electoral roll or similar data sources. I've seen "last 4 digits of your credit card number", which are often found printed on credit card receipts on the basis that 12 asterisks followed by 4 real digits isn't a security threat... which it wasn't, until the banks started using those last 4 digits as if they were a secret. I've seen partial bank account numbers too, which is *completely* insane given that bank account numbers are on the bottom of every cheque you write, and have never been considered "secret" except by the truly paranoid.

There is fairly much *nothing* that is sane to put into an unencrypted email, that truly serves to identify the sender. Except a cryptographic signature.

I just don't see any reason for that class of mail sender *not* to be signing mail with S/MIME as a matter of course.

> User education (if that is possible) is the best defense.

That's why S/MIME (and not PGP or anything else) appears to be the simpler option. It uses the same X.509 certificate authorities that the users have to handle if they're going to use online banking and similar tools anyway.

Yes, users are crap at that too, but at least it's something they're *already* crap at, instead of something new for them to misunderstand. If users don't have sane certificate authorities installed and can't tell when their web browser is on a bogus site, the game was fairly much already lost *anyway*. And if that *does* work well enough in the context of HTTP, it can work for mail too.

-- 
dwmw2
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
