Bob Lord wrote:
>
> 1. What aspects of S/MIME in Communicator 4.7 are confusing, hard to
> use, or deploy? How might we improve them in this new version?

I would like to see some support for S/MIME without certificates. IOW,
some way of indicating that if you get a message without a certificate
(or from a self-signed key, or whatever - I'm not a crypto expert), the
first message you receive from them is still encrypted but cannot be
verified as being from the person it claims to be from. If you then ask
the user to verify by independent means that the message really did come
from the person it claims to (eg by sending a message back to them, or
by calling or speaking in person if applicable) you can then use
un-certified S/MIME with perfectly good security.

4.x (from what I've heard, and from my own experience of trying to set
up secure mail for myself without going out and giving all my personal
data to some third party that *I* don't trust) would give big scary
messages on any uncertified key, as if the mail wasn't secure or was
likely to be bogus. I'd like the UI and architecture to make it very
clear that this is in fact a perfectly valid way to use S/MIME, so long
as you trust the original message (either because it contained
information that only the relevant person would be privy to, or through
some other kind of independent validation).

(If you disagree with my assessment that this is a viable way for S/MIME
to work, remember that ssh works in essentially the exact same way, and
ssh is trusted by a lot of people to access systems across an untrusted
network. The theoretical MIM attack on the first connection is so
unlikely that most people don't worry about it at all.)

I'd also like to make sure that when S/MIME gets integrated, it is done
using the architecture proposed by sspitzer for mail encryption. This
would make it possible for the ALREADY WRITTEN code for PGP to be
plugged in, finally (see
http://bugzilla.mozilla.org/show_bug.cgi?id=22687 for more details).

Thoughts?

Stuart.
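The ssh-style handling the reply argues for, written out as an added example (not code from the thread, from Mozilla, or from sspitzer's proposal): a sender-keyed pin store that treats the first uncertified key as "encrypted but unconfirmed", lets the user mark it verified after an independent check, and reserves the loud warning for a key that later changes. The store layout, the SHA-256 fingerprint and the status labels are assumptions made for this example.

```python
# Added example (not from the thread or Mozilla): ssh-style trust-on-first-use
# for uncertified S/MIME keys. Store layout, fingerprint and labels are assumed.
import hashlib
from dataclasses import dataclass

@dataclass
class Pin:
    fingerprint: str
    verified: bool = False  # set once the user confirmed the key out of band

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate (or bare public key) bytes, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()

def evaluate(store: dict, sender: str, cert_der: bytes) -> str:
    """Classify a signed message the way ssh treats a known_hosts entry.

    NEW_UNVERIFIED:   first key seen for this sender; pin it and tell the user
                      the mail is encrypted but the origin is not yet confirmed.
    MATCH_UNVERIFIED: same key as pinned, confirmation still outstanding.
    MATCH_VERIFIED:   same key and the user confirmed it independently.
    MISMATCH:         a different key than the pinned one; this, not first
                      contact, is the case that deserves the loud warning.
    """
    fp = fingerprint(cert_der)
    pin = store.get(sender)
    if pin is None:
        store[sender] = Pin(fp)
        return "NEW_UNVERIFIED"
    if pin.fingerprint != fp:
        return "MISMATCH"
    return "MATCH_VERIFIED" if pin.verified else "MATCH_UNVERIFIED"

def mark_verified(store: dict, sender: str) -> None:
    """User confirmed the pinned key by independent means (reply round trip,
    phone call, in person); later matches on that key are then fully trusted."""
    store[sender].verified = True

# Constructed sample input: stand-ins for two different DER certificate blobs.
ALICE_CERT = b"constructed-der-bytes-alice-key-1"
ALICE_CERT_OTHER = b"constructed-der-bytes-alice-key-2"

def demo() -> list:
    """Four messages from one sender; returns the classification of each."""
    store, who = {}, "alice@example.org"
    results = [evaluate(store, who, ALICE_CERT), evaluate(store, who, ALICE_CERT)]
    mark_verified(store, who)
    results.append(evaluate(store, who, ALICE_CERT))
    results.append(evaluate(store, who, ALICE_CERT_OTHER))
    return results
```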