> I dispute his conclusion that a failed signature means that the message will > be thrown in the trash. Most filters (and certainly any compliant with the > criteria being discussed) would quarantine mail with a failed S/MIME > signature rather than discard.
That's a bit like saying that "most ISPs" would quarantine mail from dubious sources rather than simply rejecting it or discarding it. I agree with you that it's more robust to quarantine suspect mail than to discard it, but the latter practice is already widespread. > The second point I would make is that the mailing list software is not > immutable. In fact mailing list software is likely to be rapidly upgraded to > support anti-spam filters very quickly since the manual anti-spam moderation > is a significant burden on the list admin. What you cite as "fact" may not be supportable. When a dozen or more intermediaries might be involved in the handling of a message from sender to recipient, and when many of these intermediaries leave little clue about what modifications they might have made to a message (firewalls and virus filters typicaly don't even leave a received field), it's difficult to track down the culprits, even more difficult to get the vendors of those products to fix them, and still more difficult to get the fixes deployed. > The problem of broken, obsolete MUAs that do not support S/MIME cannot be > allowed to represent a veto. Perhaps not, but it does seem useful to realize that such MUAs exist. > I have no time at all for > so-called technologists who refuse to eat their own dog food. Welcome to the real world. A huge number of so-called technologists are forced to use Windows and Exchange even though they know better.
