mathew wrote:
On Jan 28, 2004, at 19:16, Yakov Shafranovich wrote:
Any ideas on what is the percentage of users that do not have S/MIME?
If MSFT, Mozilla, etc. and the other MUAs cover a virtual majority of
the market, and would cover a majority of users affected by the
phishing attacks, why aren't the banks deploying it?
Speaking as someone who's actually gone to the trouble of getting
S/MIME set up... I can think of at least two reasons:
1. It's a pain in the ass to set up. You need to go through an unpleasant
bureaucratic procedure to get your certificate, and there are
apparently
half a dozen different file formats and obscure tools needed to
convert
between them.
Bad documentation from your vendors have nothing to do with S/MIME.
2. It doesn't work. Just because client A and client B both claim to
support
S/MIME, doesn't appear to mean that client A and client B can exchange
messages.
A popular vendor broke their implementation of S/MIME, that was fixed years
ago and a simple upgrade will fix that.
No matter what solutions are chosen to combat spam, the vendor will have
to implement it correctly or things will not work.
S/MIME is not broken, the vendors may have broken implementations.
--
Doug Royer | http://INET-Consulting.com
-------------------------------|-----------------------------
Doug(_at_)Royer(_dot_)com | Office: (208)520-4044
http://Royer.com/People/Doug | Fax: (866)594-8574
| Cell: (208)520-4044
We Do Standards - You Need Standards
smime.p7s
Description: S/MIME Cryptographic Signature