On 4/24/05, Frank Hecker <[EMAIL PROTECTED]> wrote:
> This is almost totally at odds with the nature and requirements of
> personal email, and thus I understand the concerns expressed by Ian and
> others regarding the appropriateness of current S/MIME practice for
> personal email. For example, as I understand Ian he believes that
> encryption is much more important than signing for personal email. I
> understand this point of view: people want encryption of email messages
> for the same reason they send personal letters in envelopes, namely to
> discourage casual eavesdropping, while signing is much less important,
> both because people have other less formal ways to "authenticate" their
> correspondents and because they perceive the threat of a MITM attack as
> of minimal relevance.

The largest problem is to figure out interoperability issues between
Thunderbird and, say, MS Outlook and other S/MIME capable email
clients. Does anyone have the wherewithal to open a dialog with other
popular email client developers (Eudora, Outlook, etc) to discuss
issues associated?

(I would say that it's still necessary to sign the message for the
HMAC, but that's a separate concept from 'signing with identity',
which is what I perceive Ian as saying is irrelevant.)

I think that this is (another) user interface issue -- when you have a
CA involved, you can display the identity as certified at the top of
the window, under the menu bar. When you have a certificate on file
("in the address book") as being associated with a specific email
address (or two or three or four), you can display the relevant
associated name. But, I don't think that it should be impossible to
open a message from someone for whom you don't have an address book
entry -- if the certificate is included with the message (Outlook can
be configured to do this, at least; I use gmail's web interface for my
mail and don't use Thunderbird to figure out if it can), you already
have the key necessary for decryption. Just say "untrusted person,
stating that they are <[EMAIL PROTECTED]>" in the top bar, and refuse to
run the message itself through the HTML renderer if it's not in the
address book.

(And you could put a yellow "caution" sign icon in the bar up-top,
along with a "This message has been modified after it was sent"
message, if the message has been modified. Outlook's
red-text-on-black warning message for failed message verification is a
little bit excessive, I think.)

The idea being, of course, to make the standard operations much more
visible to the user, without being an intrusive and obnoxious beast.

Cordially,
Kyle Hamilton
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto