On 12/02/2024 21:57, Dave Crocker via mailop wrote:
While it has gained respectable amounts of implementation in MUAs, it has achieved use only in specialized environments. Any technology with a record that poor should be treated extremely skeptically, when considering future use
I've described one of the reasons why that's the case. The other reason is probably the fact that key management is incredibly difficult. Which is also probably why it has seen adoption in environments that simplify it - large organizations or entire countries. Both of these aspects have seen advances recently, the CA/B Forum S/MIME baseline and implementations for synchronizing cryptographic keys (currently in the form of Passkeys).
In the end email is not going anywhere in the next 10-20 years, it would be relatively short-sighted to assume that the expectations about communications integrity will not increase. If that demand is not satisfied somehow then we can only hypothesize about the potential outcomes.
BIMI is a marketing protocol, for promoting brand logos. What anti-abuse benefit do you believe accrues with its use, and how exactly do you believe it will achieve that?
It's a bit more than that, but I'm not going to debate that.A combination of identity validated S/MIME certificate and organization validated BIMI provides rather strong guarantees about the signer of a letter. It would also probably ameliorate the cost of the validation processes and simplify programmatic validation. If you find BIMI expensive you should see how much a proper S/MIME deployment costs... This is all assuming that an organization aims to get all their ducks in a row.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
