The authentication is for the benefit of ordinary users, not technical
specialists.
In your view, how should the system deal with a message that
has a broken signature? How should this problem be presented
to an ordinary user in a way that they'll understand, or at
least react safely? How will you avoid the web browser SSL
user interface disaster?
Mass should behave in exactly the same way that S/MIME should, treat a
broken signature in EXACTLY the same way that an unsigned message is
treated.
So would you say that this effort shouldn't aim to automatically eliminate
spam and phishing, but instead make it easier for users to manually
identify the < 10% of email that is legitimate?
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: WEST BACKING
SOUTHWEST 7 TO SEVERE GALE 9. SHOWERS THEN RAIN. GOOD BECOMING MODERATE
OCCASIONALLY POOR. VERY ROUGH OR HIGH.