Nelson B. Bolyard wrote:

> Stuart Ballard wrote:
> 
>> secure mail is a closed book to most people.
> 
> But I suspect we disagree about the reasons for this.

> I think the problem is that most people don't understand
> the role certificates play in secure email, and that they need to get
> certificates to enjoy the secure S/MIME that's already built into 
> Communicator (and into Outlook Express, for that matter).

Right, for S/MIME, you need to get a certificate from a CA, if you don't 
want the recipient to see an "Invalid" msg in his software. Since these 
certs cost(ed) money and often also have other obstacles (like published 
name and email address), this is a hurdle for many. Not even starting 
with the hassle it costs for the user to obtain a cert from a CA.

Also, I very often heard that Outlook Express bails at signed/encrypted 
mails generated by Messenger 4.x. This alone can be a show-stopper.

PGP does not have these problems, but has the problem of inferior 
support in the mainstream email clients.

> Your message talks about public and private keys, but never about 
> certificates.  This makes it pretty clear that you're thinking about the 
> PGP model of secure email.  S/MIME is based on the use of PKI, that is,
> certified public keys.  Generating a public/private key pair happens 
> automatically when enrolling for a public key certificate.  There is a 
> "Get a Certificate" button in Communicator's UI.

I have to agree with Stuart here: The non-existent need for a 
third-party can make things substantially easier for the user.

At least when you live in an online world, where you don't have to know 
that Stuart Ballard is really Stuart Ballard in the real world, but that 
the guy you know as Stuart Ballard is always the same.

>> Also, the installation process should offer to generate you a
>> public/private keypair (or to import one you already have).
> 
> Again, this is the PGP way of doing things.

At least in the hobbyist scene, PGP has much more backing anyway. 
(Simply count the clients that support PGP and those that support S/MIME.)

Companies still can do things as they did before. It's the private users 
and smallbiz we need to concentrate on here IMO.

>> The idea of "Send an email with my public key in it" and "Automatically
>> harvest public keys from incoming email" is to make it trivial to
>> exchange public keys. 
> 
>> This initial exchange may not be particularly
>> secure
> 
Why not?

Note: Storing keys does not necessarily mean that you trust them and 
vice versa.

> The operative word you used above is "trust".  Certified public keys 
> (a.k.a. public key certificates) are a much stronger basis for trust than 
> an insecure email message that claims to be from someone you know.
> 
> PGP's model may be OK for use among friends who contact each other by
> means other than email.

See above.

> In the business world, where much correspondence
> and communication takes place with people with whom you have no other
> contact, a strong basis of trust that doesn't require alternative 
> communication channels and relationships is required.

And where you need some proof about the data in the cert.

Note that I can get a <[EMAIL PROTECTED]> address, call myself Marc 
Andressen and get a low-level cert from a CA for that identity. Unless 
the recipient checks the certificate details and knows what "Class 1" 
means, he might think I actually were Marc, 'because I have a cert'.

Xplo, that is another example where knowledge is required at the user side.
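
The key-continuity idea discussed in this thread (harvest keys from incoming mail, keep storing separate from trusting, and notice when a known correspondent's key changes), as an added example that is not part of the original message or of any mail client's code. The `KeyStore` class, its method names, and the sample address and key bytes are hypothetical and constructed for illustration; SHA-256 over the raw key bytes stands in for a real key fingerprint.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class KeyRecord:
    fingerprint: str
    trusted: bool = False  # storing a key never implies trusting it
    times_seen: int = 1

class KeyStore:
    """Hypothetical per-address store for keys harvested from incoming mail."""

    def __init__(self):
        self._records = {}  # normalised address -> KeyRecord

    @staticmethod
    def fingerprint(key_bytes):
        # Stand-in for a real key fingerprint (assumption for this example).
        return hashlib.sha256(key_bytes).hexdigest()

    def harvest(self, sender, key_bytes):
        """Record the key seen on a message; return 'new', 'same' or 'changed'."""
        addr = sender.strip().lower()
        fp = self.fingerprint(key_bytes)
        rec = self._records.get(addr)
        if rec is None:
            self._records[addr] = KeyRecord(fp)  # stored, still untrusted
            return "new"
        if rec.fingerprint == fp:
            rec.times_seen += 1  # same correspondent as before
            return "same"
        return "changed"  # keep the old key; never overwrite silently

    def mark_trusted(self, sender, verified_fingerprint):
        """Trust only a fingerprint the user verified through another channel."""
        rec = self._records.get(sender.strip().lower())
        if rec is None or rec.fingerprint != verified_fingerprint:
            return False
        rec.trusted = True
        return True

    def is_trusted(self, sender):
        rec = self._records.get(sender.strip().lower())
        return rec is not None and rec.trusted

if __name__ == "__main__":
    store = KeyStore()  # constructed sample address and key bytes
    for key in (b"key-A", b"key-A", b"key-B"):
        print(store.harvest("stuart@example.org", key))
```

A "changed" result is the case a client would surface to the user, since it means the sender is no longer provably the same correspondent as before.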
