Stuart Ballard wrote:
> I would like to see some support for S/MIME without certificates. IOW,
> some way of indicating that if you get a message without a certificate
> (or from a self-signed key, or whatever - I'm not a crypto expert), the
> first message you recieve from them is still encrypted but cannot be
> verified as being from the person it claims to be from.
This won't work.
In order for me to send you mail that other people cannot read, I need
your public key. Whether that key is embedded in an S/MIME certificate
or a PGP key is irrelevent, I need something from you first that I can
verify is yours before I can encrypt mail to you. Without that key you
cannot encrypt.
> (If you disagree with my assessment that this is a viable way for S/MIME
> to work, remember that ssh works in essentially the exact same way, and
> ssh is trusted by a lot of people to access systems across an untrusted
> network.
SSH doesn't work this way - it too uses a public private key, which is
typically generated once when the connection is first established
between two machines. From a risk perspective there is only a risk on
the first connection, but then the user was expecting a key exchange so
the risk is minimal.
Regards,
Graham--
-----------------------------------------
[EMAIL PROTECTED]
"There's a moon
over Bourbon Street
tonight..."
