> Mike and I were discussing this in private mail earlier this week... I'm > sure he'll have his own things to add, but after talking with him this is > my take on it:
That was a pretty good summary. If anyone wants to know more, feel free to ask me off-list. > To me the ideal solution to the bandwidth issue would be a system that > allowed you to send the whole key with the sig to certain people, and let > people request it from key servers in other cases (mailing lists). I could attach just a signature and leave out the certs when sending to certain mailing lists (using a hook to change smime_sign_command to toggle OpenSSL's "--nocerts" switch). However, this only decreases the smime.p7s size (after base64 decoding) from ~1700 bytes to ~650 bytes. I'm don't think there's any way to get an S/MIME signature that's anywhere near as small as a PGP signature. I know it's bad netiquette to waste other people's bandwidth, but i also think unsecure email needs to be deprecated as soon as possible. Suggestions? -- Mike Schiraldi VeriSign Applied Research
smime.p7s
Description: application/pkcs7-signature