ietf-822

RE: RHijacked Addresses

2002-08-06 20:43:53

Why are so few people using either of these security
methods, when they at the same time complain of the
lack of security in e-mail?

It would be trivial for me to turn on S/MIME signing in my MUA, and as the
signing certificate travels with the signed mail item, there is no
receiver certificate look-up required. So far so good. The problem is with
the certificate. At what price do I acquire one, and how confident can a
recipient be of its veracity? I can create my own self-signed root
certificate at no cost (this approach works fine for SSL/TLS based
encryption), but any old forger could also do that. If I physically handed
a correspondent my self-signed root certificate in a face-to-face meeting,
then we'd be all set, but how scalable would this be? The answer is not
very. I could acquire a certificate from a trusted third party (assuming
my correspondents and I could agree on one), but how will this third party
(or their delegate) ensure the veracity of my claim? They will have to
operate very stringent controls and at a commensurate cost. So we're
stuck. We know how to employ signing certificates across a single
organization, and how to extend them in a pair-wise fashion (via cross
certificates) to a limited number of other organizations, but beyond that
I would argue we're stuck. Others may disagree. I'd love to be wrong on
this one.

Nick, you know darned well you're square on target with this assessment.
Indeed, I've heard it argued that this is why our entire approach to
public key infrastructure needs to be rethought.

                                Ned
