On Tue, Sep 28, 2010 at 11:36, Kai Engert <kaie(_at_)kuix(_dot_)de> wrote:
Wouldn't it help to introduce an universal mechanism that makes forgery
difficult, in order to make sender addresses in emails more reliable?
We already have S/MIME, which almost every common e-mail client supports (1).
Nobody (2) uses it. Hence I suspect that validating sender identity is
less valuable to people than you think. And I don't think that the
popularity of webmail clients which fail to support it is the reason;
rather, I think the reason that webmail clients don't support it is
that nobody cares.
I mean, even my bank doesn't care.
I presume that each of the previously proposed flavours of signing might
have had properties that made them difficult to be deployed universally.
For Apple Mail at least, once you have your certificate file you
double-click it and everything gets configured automatically; then you
can just check a box when composing e-mail in order to sign it. The
recipient doesn't have to do anything; the message will show up in
Thunderbird, Mail, Notes etc. as correctly signed.
So the biggest difficulty of S/MIME is that you need to go to a web
site and verify your ID somehow in order to get a certificate file
that you can feed to your e-mail client. That's pretty much a
fundamental issue independent of the specific technical
implementation. If you've thought of a way to avoid that issue, I will
be astounded.
There are some smaller difficulties, like buggy IETF mailing list
software that breaks the signatures, but those would probably get
worked out pretty quickly if people cared enough to use S/MIME...
mathew
[ (1) Including Microsoft Outlook, Microsoft Exchange, Mozilla
Thunderbird, Apple
Mail, BlackBerry phones, etc etc.
(2) Well, obviously a few people do. I've used it. But 99% of people don't. ]
--
<URL:http://www.pobox.com/~meta/>
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg