On Thu, 01 Nov 2001 15:25:06 GMT, Carl Ellison <[EMAIL PROTECTED]> allegedly wrote:
> To secure against this worst problem, we found that PGP had an
> advantage over S/MIME, because S/MIME calls for the transmission of a
> certificate chain with any signed message

I don't think the inclusion of the certificates is a mandatory requirement, although I'm going from memory here :)

> If, instead, you accept incoming
> certificates, you are accepting certificates from the attacker,
> chosen by the attacker to fool you into acting some way you shouldn't

I would like to see an option to import the certificate into the local database, instead of it happening automatically as it does with Netscape 4.7. That way I choose which certificate I trust to belong to the entity that sent me the message. In addition, upon receipt of subsequent messages, I would like to be alerted if the certificate has changed for the same entity, and given the option to trust (and import) the new certificate, or reject it.

> It would also be very good if the e-mail agent would have PGP support
> built in alongside S/MIME, since PGP users outnumber S/MIME users.

I'd like that too.

- Dave.
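Added example, not part of the original message or of any mail client's code: a minimal per-sender certificate pin store that never imports a certificate automatically, asks before the first import, and flags a changed certificate for an explicit trust-or-reject decision. The names `PinStore`, `Verdict`, `handle_message` and `ask_user` are hypothetical, and the certificate bytes are constructed stand-ins for the DER of the signer certificate that verified the message.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    UNKNOWN = "unknown"   # no certificate pinned for this sender yet
    MATCH = "match"       # same certificate as the pinned one
    CHANGED = "changed"   # sender is pinned, but to a different certificate

class PinStore:
    """Per-sender pins; nothing is stored without an explicit trust() call."""
    def __init__(self):
        self._pins = {}   # normalized sender address -> SHA-256 fingerprint (hex)

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    @staticmethod
    def _key(sender: str) -> str:
        return sender.strip().lower()

    def check(self, sender: str, cert_der: bytes) -> Verdict:
        pinned = self._pins.get(self._key(sender))
        if pinned is None:
            return Verdict.UNKNOWN
        return Verdict.MATCH if pinned == self.fingerprint(cert_der) else Verdict.CHANGED

    def trust(self, sender: str, cert_der: bytes) -> None:
        # Call only after the user has approved this certificate.
        self._pins[self._key(sender)] = self.fingerprint(cert_der)

def handle_message(store, sender, cert_der, ask_user):
    """ask_user(sender, verdict, fingerprint) -> bool is the user's decision."""
    verdict = store.check(sender, cert_der)
    if verdict is Verdict.MATCH:
        return "accepted"             # known certificate, no prompt needed
    # UNKNOWN or CHANGED: the certificate arrived with the message, so it is
    # attacker-controllable input until the user vouches for it.
    if ask_user(sender, verdict, store.fingerprint(cert_der)):
        store.trust(sender, cert_der)
        return "imported"
    return "rejected"                 # existing pin, if any, stays untouched

# Constructed sample inputs (not real certificates).
CERT_A = b"constructed-certificate-A"
CERT_B = b"constructed-certificate-B"
```

A rejected certificate leaves the existing pin in place, so a later message signed with the original certificate is still accepted without a prompt.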
