Philip Whitehouse <[email protected]> writes:

> There's also the complication of S/MIME (requested and widely
> supported on other clients) which provides a different form of
> security to both SMTP/TLS and PGP/MIME

S/MIME and OpenPGP aim to solve mostly the same requirements with similar mechanisms, although there is a different key management philosophy (a big point that bears on security properties).

I've used PGP for a very long time, and recently gotten set up for S/MIME at work. It's been troublesome because of outright compatibility bugs (gnus/gpgsm vs outlook, not yet quite tracked down), but also key management. By default, and often not changeable, S/MIME clients expect to use the system trust anchor set to validate peer credentials. Even with a user-controlled machine and Free software, it's awkward to mark a single end-user cert as valid, because the protocol mentality is so strong about CAs.

Android has this same problem about CAs; there's a built-in set and all are trusted. When you configure your own, you get a Big Scary Warning about how an "Unknown third party" could be "monitoring". But really that unknown third party is me, and I added the CA on purpose. The 100 CAs that are already there, that I have no basis for trusting, and some of which from that set have had compromises over the years -- no warning about that.

Arguably this would be an OpenKeychain issue (or whatever provider does S/MIME), not K-9, but when implementing S/MIME it would be great to allow the user to use the OpenPGP trust model with S/MIME mail and cert formats.

> We will need to strike a balance between not overloading with icons, a
> consistent design language and not over-warning for the common case.

Agreed, and as I said in a ticket comment we also need to not be over-comforting.
