Ben Bucksch wrote:
> 
>   Authentication method; PGP
> 
> Note that the authentication method that is probably intended as the
> primary method - the authentication in person, with an official legal
> paper like a passport, in a CA POP - is not applicable for the masses,
> unless it gets strong support from other sources (like the government
> pushing smart cards for citizens). The usual Netscape user won't go to a
> CA POP, just to be able to sign/encrypt mails. For them, email
> authentication is enough, because it ensures that the one Ben Bucksch
> they know (via email) is always the same.

Well, you can mark any certificate of another person as trusted for
e-mail in Communicator. You can validate that certificate by
fingerprint prior to using it. I call that playing web-of-trust
with X.509 certificates like PGP (peer-to-peer PKI). It is already
possible and should be possible in the future.

You can grab a certificate tool (e.g. OpenSSL) and create key pairs
and issue a certificate, stuff that into PKCS#12 and import it and
you're done. I agree that one might consider that such a mechanism
could be integrated into Mozilla. But that seems to be more a PSM
issue than a S/MIME issue to me.

> That's why I think that PGP is more suited for the masses.

I think this assumption is not that generally true, even though PGP
people repeat it all the time. In my experience most users will not
verify any PGP fingerprint. That's exactly the reason why it seems
to be more suitable for the masses but it's not. It fails as
miserably as the opposite vision to have one globally working X.509
PKI. The truth about proper PKI deployment lies in between both
extreme positions and depends on your special deployment scenario.

> See also earlier thread about PGP vs. S/MIME.

This was discussed to death so many times. IMHO the PGP people always
have the attitude to have the *right* solution without providing any
bullet-proof arguments.

> > How might we improve them in this new version?
> 
> Drop S/MIME, use PGP ;-P.

Certainly not.

Ciao, Michael.

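The procedure Michael sketches (key pair, self-issued certificate, PKCS#12 bundle, then a fingerprint check before marking a peer's certificate as trusted), as an added example that is not part of the thread and not Communicator's or OpenSSL's own code. It assumes the openssl command line tool (1.1.1 or later); the address, names and passphrase are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: self-issued S/MIME identity,
# PKCS#12 bundle, and the fingerprint check done before trusting a peer's cert.
# Assumes the openssl CLI (1.1.1 or later); names and passphrase are constructed.
set -eu
WORK="${WORK:-$(mktemp -d)}"

# Key pair plus self-signed certificate for one e-mail identity (no CA involved).
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example User/emailAddress=$1" \
    -addext "subjectAltName=email:$1" \
    -addext "extendedKeyUsage=emailProtection" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Bundle key and certificate into PKCS#12 so a mail client can import them.
make_pkcs12() {
  openssl pkcs12 -export -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
    -name "Example User S/MIME" -passout "pass:$1" -out "$WORK/identity.p12"
}

# SHA-256 fingerprint of the PEM certificate on stdin: the value you compare
# out of band (phone, in person) before marking a peer's certificate trusted.
fingerprint_of() { openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'; }

fingerprint_pem() { fingerprint_of < "$WORK/cert.pem"; }

# Fingerprint of the certificate carried inside the PKCS#12 file.
fingerprint_p12() {
  openssl pkcs12 -in "$WORK/identity.p12" -clcerts -nokeys -passin "pass:$1" \
    2>/dev/null | fingerprint_of
}

# Succeeds only if the received certificate matches the fingerprint that was
# verified out of band; this is the peer-to-peer trust decision in the post.
check_peer_cert() {
  [ "$(fingerprint_of < "$2")" = "$1" ]
}

main() {
  make_identity user@example.invalid
  make_pkcs12 secret
  fp=$(fingerprint_pem)
  echo "certificate fingerprint: $fp"
  [ "$(fingerprint_p12 secret)" = "$fp" ] && echo "PKCS#12 carries the same certificate"
  check_peer_cert "$fp" "$WORK/cert.pem" && echo "peer certificate accepted"
}
main
```

The fingerprint printed here is what the recipient reads back over a second channel; the import into the mail client then shows the same value, so a mismatch at that point means a different certificate than the one verified.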