ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: 2. Uselessness of C/R

2004-03-18 21:55:34
On Jan 28, 2004, at 19:16, Yakov Shafranovich wrote:
Any ideas on what is the percentage of users that do not have S/MIME? If MSFT, Mozilla, etc. and the other MUAs cover a virtual majority of the market, and would cover a majority of users affected by the phishing attacks, why aren't the banks deploying it?

Speaking as someone who's actually gone to the trouble of getting S/MIME set up... I can think of at least two reasons:

1. It's a pain in the ass to set up. You need to go through an unpleasant bureaucratic procedure to get your certificate, and there are apparently half a dozen different file formats and obscure tools needed to convert
   between them.

2. It doesn't work. Just because client A and client B both claim to support S/MIME, doesn't appear to mean that client A and client B can exchange
   messages.

In particular, if I sent myself an S/MIME message from work using Lotus Notes, Apple Mail can't read it. However, mail from Apple Mail to Lotus Notes verifies OK. I'm trying to interest our QA department in further investigation... Point is, it's still a rather flaky technology.


mathew
--
<URL:http://www.pobox.com/~meta/>

Attachment: smime.p7s
Description: S/MIME cryptographic signature