On Tue, Mar 04, 2003 at 12:50:25PM +0530, Prasenjeet Dutta wrote:
> It could also be because most PKI infrastructure is based on the X.509
> model, which (though scalable) requires folk needing a certificate to
> cough up cash to CAs like Verisign. Also, for secure personal
> communication (as opposed to electronic commerce), PGP has been arguably
> far more popular than S/MIME. Especially given its free, bottom-up 'web
> of trust' model, PGP may well succeed where the top-down X.509 has
> not.

PGP (as we know it) will never do this job, since it lacks the
structure that X.509 has. PGP trust is based on a cloud of friends and
acquaintances; you will never get a working trust structure covering
the worldwide email network.

> Again, what is the goal of using TLS for email? Securing the messages?
> That opens up a new battle with the monitoring agencies. Or is it (from
> the anti-spam point of view) to let SMTP servers non-repudiably identify
> themselves? If this is the goal, then it can be done with far less
> overhead than TLS.

You miss the point. I didn't discuss the goal of TLS.
What I wanted to say: That is a mechanism that already is
implemented and widely spread. No need to install new software.
And even that one is rarely used, because cryptography is still
too complicated for most mail admins. The very same problem
will apply to the S/MIME approach once it is used outside a
centralized organisation like the NZ gov.
Secondly, the NZ S/MIME doesn't provide end-to-end security, only
relay-to-relay. The same effect can be achieved with TLS. TLS is
already available, but people simply don't use it.

> Digital signatures inserted by the *server* (not by the user, who should
> not have to bother with the complexity of this) to identify *itself*,
> using an RFC 2440 infrastructure, may be more successful in making
> individual SMTP servers identifiable and accountable for what they spew
> onto the Internet. Consider this fragment:

Again, you will never get a working PGP infrastructure reliably
covering the whole e-mail world.
Hadmut