ietf-822
[Top] [All Lists]

Re: RHijacked Addresses

2002-08-09 13:30:42

At 10:39 AM +0200 8/9/02, Marc Mutz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 05 August 2002 18:30, Paul Hoffman / IMC wrote:
 At 8:49 PM +0200 8/4/02, Jacob Palme wrote:
 >I am not a security expert and do not understand why.
 >Possible causes could be:
 >
 >- Competing standards where unity is needed.

 Not true for email. S/MIME has been built into most widely-used MUAs
 for many years; almost no one uses it.

Oh, and is that any wonder? S/MIME combines the wonderful properties of
non-interoperability, complexity, too vague standards and overly high
costs. Of course, those properties are not independent of each other:

E.g. the high costs come from interop tests that _any_ company must
beform for itself after choosing a profile.
Non-interoperability comes from the vague standards wording and the
complexity.

Um, which S/MIME clients have you found that don't interoperate for typical email? FWIW, I have seen much more discussion of PGP clients not interoperating than for S/MIME clients, but that might be due to the higher amount of use of PGP among developers.

There must be a reason why so many PKI projects fail to succeed.

True, but it is not necessarily due to lack of interop. The lack of understanding of trust, and the mistrust of trust, rate very high there.

 > Complex, yes; expensive, no. But the complexity hasn't prevented them
 from being widely deployed with quite good interoperability.
<snip>

If you are talking about S/MIME, I fail to see where "good
interoperability" lies.

Outlook, Netscape, and Lotus Notes.

--Paul Hoffman, Director
--Internet Mail Consortium

<Prev in Thread] Current Thread [Next in Thread>