On Mon, Aug 18, 2014 at 11:16 AM, Mike Hearn <[email protected]> wrote: > Hi Bruce, > > Nyms looks cool. It'd be nice if the website contained a more explicit > comparison against S/MIME and the existing PKI, as in many ways it sounds > quite similar structurally, just with different wire protocols.
S/MIME might seem attractive because it's already well supported by most email clients, but also baked into every S/MIME client is the legacy of X.509 certificate authorities. Replacing the trust model with an improved system would seem to require rewriting the S/MIME implementation in every client. I've also never understood how keys are supposed to be distributed for global communication in S/MIME or if there's even a standard way to do this. I mainly chose OpenPGP over S/MIME because I can extend it without depending on CAs to not reject certificates with new features and because I don't really understand everything about the behavior of existing S/MIME clients. Either way, I think throwing (mostly) everything away and starting over is going to be necessary. btw, Phillip Hallman-Baker is working on an S/MIME based system which also requires plenty of new infrastructure: http://prismproof.org/resources.html#specifications --brl _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
