But, assuming that Mozilla warns me when I get an email from a known recipient (with a known certificate), but with a new certificate, and I'd optionally check the fingerprint when needed, S/MIME could work, right? Or am I missing something?
Bingo, most CAs only require you to supply a CSR, not the private key. In any case, if you check the fingerprints of certificates, trusted or not, and verify they are who they say they are, you should be OK. ***BUT*** the thing is, how many people actually do that? Not many? They look at the icon, it's locked, there were no warning messages, all is fine, right?
They've been given just enough rope to hang themselves with...
Hm? That's a question of UI, not security.
If you give a person all the tools and a jack and a spare tyre why does roadside assistance still get called out? :)
--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
