S/MIME gives a much higher degree of assurance that the message is
from an authentic recipient than C/R with zero UI overhead. If you whitelist
after the initial C/R you have a very weak authorization system.
Why would it be weak?
If during the challenge response system keys were exchanged (if the
challenge were met) so that I could verify through a digital signature that
it actually came from the whitelisted individual then it would be very
secure. Furthermore, if the whitelisting occurred based on a signed key in
the header then the user could use multiple mail clients -- each with the
same key/signature and pass the whitelisting test from all the people he
has communicated with in the past.
So given that a challenge response system could be set up complete with
cryptographic authentication, it should be very secure. Where am I wrong?
You mention that Outlook and Lotus already have S/Mime already in place.
Are you also saying that because if this, I get spammed since I am using
Eudora and that Outlook and Lotus users do not?
-Art
--
Art Pollard
http://www.lextek.com/
Suppliers of High Performance Text Retrieval Engines.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg