On Mon, 1 Jul 2002 10:45:44 -0400 (EDT) Richard Welty <[EMAIL PROTECTED]> wrote:

RW> the complexity is really all in the certificate handling. there's no
RW> certainty when a message arrives that is signed and/or encrypted that you
RW> have the certificates in hand needed to deal with it. if you have them,
RW> then the rest of the work isn't so bad.

For me, this is the primary reason why S/MIME is evil. As soon as you introduce certificates, this means you have to have a certificate authority. Self-signed certificates don't even have a web of trust to fall back on.

RW> good UI decisions here will determine whether or not S/MIME support would
RW> be useful or ignored.

I wholeheartedly agree. And I'll also add that the best UI for encryption is no UI. Encryption and decryption should happen automatically, invisibly, without any user intervention necessary.

The reason I say this is from watching companies desperately try to institute good password practices only to create a run on post-it pads every time password changes were mandated. You could almost hear the keyboards flipping over in unison as people "hid" their new password. You are lucky to get people to type their password once on login, and if you make them log out every day, they get really annoyed. Therefore, if you're going to try and get users to type a pass phrase when they e-mail messages, you are going to encounter the same UI failure that has existed with every encryption program since PGP was born.

An antispam system I'm working on (www.camram.org) will add some form of 0 UI spam protection and encryption. In a strict form camram system, a mail message must have 1) a proof of work postage stamp, or 2) a signature from a key you have accepted. In order to make this work, public keys have no pass phrase, keys are passed automatically in mail messages as part of the header and therefore must be relatively small. Keys are also considered disposable and can change at any time without revocation or any niceties.

Before you start sputtering about the weaknesses, they are recognized as part of the trade-off for a 0 UI system. There are also manual processes one can go through to strengthen the system, such as out of band communication of key signatures etc.

In any case, I think we both need access to the e-mail stream at the same points.
On inbound e-mail, we need early access to the message; on outbound e-mail we need late access to the message (before transmission).

---eric
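
The proof-of-work half of the strict policy described in the message above, as an added example that is not part of the original post and is not camram's code. The hashcash-style stamp layout (`bits:date:recipient:counter` hashed with SHA-256), the `X-Stamp` header name, the 12-bit cost and the addresses are all assumptions made for the demonstration; the accepted-key signature path is not covered.

```python
import hashlib
from email import message_from_string
from itertools import count

BITS = 12  # assumed cost, kept low so the constructed demo mints quickly

def leading_zero_bits(digest: bytes) -> int:
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()

def mint(recipient: str, date: str, bits: int = BITS) -> str:
    """Sender side (late, just before transmission): pay for the stamp."""
    prefix = f"{bits}:{date}:{recipient}:"
    for counter in count():
        stamp = f"{prefix}{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp

def check_stamp(raw_message: str, me: str, seen: set, min_bits: int = BITS) -> bool:
    """Receiver side (early, on inbound mail): accept or reject with no UI."""
    stamp = message_from_string(raw_message).get("X-Stamp", "")  # assumed header
    parts = stamp.split(":")
    if len(parts) != 4 or not (parts[0].isascii() and parts[0].isdigit()):
        return False                  # missing or malformed stamp
    bits, _date, recipient, _counter = parts
    if int(bits) < min_bits or recipient.lower() != me.lower():
        return False                  # too cheap, or minted for someone else
    if stamp in seen:
        return False                  # one stamp pays for one message
    digest = hashlib.sha256(stamp.encode()).digest()
    if leading_zero_bits(digest) < int(bits):
        return False                  # claimed cost was never actually paid
    seen.add(stamp)
    return True

def demo():
    # Constructed sample messages; addresses are placeholders.
    me = "user@example.org"
    stamp = mint(me, "20020701")
    stamped = f"From: a@example.net\nTo: {me}\nX-Stamp: {stamp}\n\nhello\n"
    bare = f"From: a@example.net\nTo: {me}\n\nhello\n"
    seen = set()
    return (check_stamp(stamped, me, seen),                   # fresh stamp
            check_stamp(stamped, me, seen),                   # replayed stamp
            check_stamp(stamped, "other@example.org", set()), # wrong recipient
            check_stamp(bare, me, seen))                      # no stamp at all

if __name__ == "__main__":
    print(demo())
```

Binding the stamp to the recipient and remembering spent stamps is what keeps one computed stamp from paying for a bulk mailing.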
