On Jan 28, 2004, at 19:16, Yakov Shafranovich wrote:
Any ideas on what is the percentage of users that do not have S/MIME?
If MSFT, Mozilla, etc. and the other MUAs cover a virtual majority of
the market, and would cover a majority of users affected by the
phishing attacks, why aren't the banks deploying it?
Speaking as someone who's actually gone to the trouble of getting
S/MIME set up... I can think of at least two reasons:
1. It's a pain in the ass to set up. You need to go through an
unpleasant
bureaucratic procedure to get your certificate, and there are
apparently
half a dozen different file formats and obscure tools needed to
convert
between them.
2. It doesn't work. Just because client A and client B both claim to
support
S/MIME, doesn't appear to mean that client A and client B can
exchange
messages.
In particular, if I sent myself an S/MIME message from work using Lotus
Notes, Apple Mail can't read it. However, mail from Apple Mail to Lotus
Notes verifies OK. I'm trying to interest our QA department in further
investigation... Point is, it's still a rather flaky technology.
mathew
--
<URL:http://www.pobox.com/~meta/>
smime.p7s
Description: S/MIME cryptographic signature