Michael Str�der wrote:
>
> "[EMAIL PROTECTED] has an unknown certificate issuer" is a quite
> understandable status message.
I disagree. To a user unfamiliar with PKI, it's completely unclear
whether having an "unknown certificate issuer" is a trivial issue that
should be ignored, or a fundamental problem that renders the entire
email a probable fraud. The only thing the user can judge by is the fact
that his UA considered it important enough to throw up a dialog and ask
for confirmation - so the user, most likely, plays it safe and assumes
this is a fundamental problem.
(By the way, if presented with that particular message, I wouldn't know
what it means, even though I consider myself and advanced user and
understand many of the issues involved in PKI... I just don't know the
"jargon" well enough to be able to go from "certificate issuer" to "the
trusted third party that's supposed to sign all your keys in the S/MIME
security model")
A message that might be better would be "The signature on this message
has not been verified by any independent authority, so the signature
provides no guarantee that this message is really from [EMAIL PROTECTED] If
you can confirm that [EMAIL PROTECTED] really did send this message, you can
choose to trust future messages with the same signature by selecting
File->Trust This Certificate".
Remember, not only does the user probably not understand PKI, the user
*shouldn't have to*. Explain what the problem is - don't try to teach
the user PKI in the process.
> I can't see how it makes "self-signed
> certs unusable in practice". Yes, maybe the Mozilla implementors
> could add a quick button to display the fingerprint and ask the user
> whether to mark it as trusted or not (after enough warnings).
Why does it need so many warnings? As Ben pointed out, for almost all
non-business purposes, you don't need to validate that the key
corresponds to a real-world person, just that it's always the *same*
person you're talking to. One warning (like the one I gave above) should
be plenty.
[snip lots of technical details about S/MIME vs PGP, most of which seems
to boil down to "they're equivalent technology and the same problems
apply to both"]
I don't think that anyone would disagree with most of this; the
difference is that *as deployed*, PGP tends to be used in a model where
lots of people cross-certify each other and top-level CA certifications
are rare; S/MIME is the other way around. And S/MIME, as implemented in
UAs, seems to make it intentionally hard to use a PGP-like model of
trusting people that you know based on their own keys without any CA
being involved.
I think Ben and I are both aware that S/MIME can do this theoretically -
just nobody seems to have provided the infrastructure to do it.
> This is more or less your personal point of view suitable for a very
> limited sort of application.
>
[snip]
>
> Most of my e-mail traffic is business-related. Your mileage may
> vary.
This is more or less your personal point of view suitable for a very
limited sort of application. What proportion of email users, worldwide,
are employed by companies with over 10000 employees, even (number taken
from your example of "mass use"), let alone businesses that have 10000
employees in positions that require encrypted mail?. Is business-related
traffic really the only kind that's worth having security in? Should
cellphone companies only encrypt calls that are business-related?
> Let me tell you something: In my business nobody even considers
> deploying PGP at all. Never ever. If I'm hired as PKI consultant I
> don't even have to ask whether they want to deploy PGP or X.509. In
> large companies it will be X.509, nothing else. Your mileage may
> vary. Therefore your definitions for "masses" and "wide support" are
> probably *very* different from mine. My definition of mass use is
> that two companies with 10000+ PKI users are connecting their PKIs
> together via cross-certification or a bridge CA (which is a rare
> case off-course).
My definition of mass use is when I get an encrypted email from my
mother, who didn't even realize she was doing it because it was the
default in AOL.
> And what does that say about the relevance of PGP in *my* business?
Nothing. Nobody's saying your business doesn't have good reasons to use
S/MIME. But it's not a model that's suitable for use in the less
controlled environment of the "in-the-wild" internet that consists of
millions of tiny companies and individuals that can't afford the cost of
setting up a complex certification hierarchy of their own.
> I have absolutely no objections against adding PGP support to
> Mozilla. But you have to accept that even though dozen of MUAs are
> actually supporting PGP it might not be important at all for people
> deploying a PKI in a large scale.
Granted - so long as you remember that PGP is very important to a LOT of
people who *aren't* ever likely to "deploy PKI on a large scale", but
still want to *use* it.
> You should rather say: "PGP has such a large followership, solely in
> the open-source sector."
> Or a variant: "PGP has such a large followership, especially in the
> open-source sector because the open-source sector is full of people
> not looking at the market at all."
Bear in mind that your "market" may include companies with employees
numbering in the tens of thousands, but AOL has subscribers numbered in
the tens of *millions*. Getting PKI into large companies is a worthy
goal, but for me it doens't exactly qualify as getting it to the masses.
Stuart.
