Stuart Ballard wrote:
> While I appreciate that S/MIME is based on certificates, I think of that
> as a flaw in S/MIME, not a benefit. As you know, getting a certificate
> means giving all your information (and some money? I know it costs money
> for a secure website) to some big company that personally I don't
> particularly trust at all.
Exactly. To make matters worse, they are often publishing the data in
the cert (they do tell me about it, at least), without opt-out. This is
to allow the cert to be invalidated later, but I may value my privacy
more in some cases.
> On the receiving end, *trusting* such a certificate means believing that
> the big company did due diligence in ensuring that the person it granted
> the certificate to was really you. But either the process of getting a
> certificate is even more intrusive than I thought (involving some form
> of checking against real-life records that a private company shouldn't
> even have access to, or physically taking my passport or driver's license
> to a BigCo office before they'd issue the certificate) or it didn't (in
> which case why am I supposed to trust it?).
Nice analysis of the situation.
Actually, both cases are true, to some extent. There are "Classes" of
certificates. Some require indeed physical attendance and a passport at
some CA POP, some just require read-access to a mailbox. The problem for
the recipient is that it is not immediately clear which checking method
was used.
With PGP, a CA can still sign the key (many CAs actually do this today),
so you have both benefits with PGP: Relative ease of setup and the
option for "stronger" trust.