ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: 2. Uselessness of C/R

2004-01-28 17:24:19
Hallam-Baker, Phillip wrote:
While we are on the topic of S/MIME: currently majority of MUAs have S/MIME support built-in including root certificates. Why is that no banks or financial companies that are suffering from "phishing" attacks, consider signing their email via S/MIME?


I know several banks that are considering it. The disadvantage is that there
are email users with MUAs that don't handle S/MIME. The big problem is that
Eudora is effectively an orphan code-base with little serious development
work.


Any ideas on what is the percentage of users that do not have S/MIME? If MSFT, Mozilla, etc. and the other MUAs cover a virtual majority of the market, and would cover a majority of users affected by the phishing attacks, why aren't the banks deploying it? It would be easier to tinker with the edges of the network, rather than the center.

There is a private working group looking at this. Yahoo! Domain keys looks
like a better fit for what it is intended to achieve.


Wouldn't a profile of S/MIME that stores keys in DNS achieve essentially the same thing?

Yakov
-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Power tends to corrupt, and absolute power corrupts absolutely" (Lord Acton)
-------


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>