On Sat, Sep 7, 2013 at 1:48 PM, Yaron Sheffer <[email protected]> wrote:
> Hi Stephen,
>
> In fact I believe S/MIME is not usable today for economical reasons, rather than technical ones.
>
> - Big mail providers are in the business *because* they can snoop your mail.
> - They have enough resources to make the user experience of Web mail better than that of dedicated email clients, even though from a technical point of view this is absurd.
> - People are happy with Web mail, and are not interested enough in e2e encryption to create a market.
> - Thus the sorry state of the market for email certs, as my experiment shows.
>
> From a technical point of view, I think S/MIME is a very good starting point.
>
> I have no idea how to break out of the economical bind. I just hope that the current situation will create enough demand to inject some life into this market.
>
> BTW, S/MIME is not even usable for small enterprises, for two reasons: First because you'd need to install the CA cert on all sorts of mobile devices, which is hard when you don't have dedicated IT. And second, because you don't want an email that you send outside the enterprise to generate scary "unknown certificate" warnings on the recipient's client.
>
> S/MIME with DANE would alleviate this problem if organizations were allowed to generate their own certificates, including email certs, and have them chained to the DNS root of trust. I don't know if DANE supports this usage scenario by default.
>

DANE and any DNS based scheme is going to require a level of administrative action that is infeasible for a per-user based approach.

DANE with STARTTLS is very different because the mail server DANE records can be configured at the same time as the MX, SPF and DKIM records.

--
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
