--- Andrew Newton <andy(_at_)hxr(_dot_)us> wrote:
Based on the descriptions given by James and George, it seems I could
implement an S/MIME solution with dig, reformail, and openssl using a
simple script.
Which I strongly suggest you do. I for one will need to see overwhelming
evidence that a dig/reformail/openssl combo comprehensively manages the
perimeter identification and de-encapsulation issues.
Hand-waving that it's a non-issue or that it works in a small, well-controlled
environment is no where near sufficient comfort factor for the
dis-enfranchising risks it presents to the email systems I manage.
If there is a disruption risk, then large conservative email players will be
the very last people that turn it on - if then. Please, not another
chicken-and-egg solution.
Actually I find the subject line somewhat bizarre. People seem more worried
about introducing a new signature protocol and less worried about imposing a
new Internet email format on the whole planet. Who's interests should come
first here?
Mark.