ietf-smime

RE: Weakening the rigid hierarchical trust model

1997-12-29 21:54:14
Paul Wrote:

In fact, I think you are overestimating when you suggest that today's
deployed S/MIME v2 applications don't allow them. At the S/MIME
testing at MailConnect 3, I heard that some vendors accepted
self-signed certs, and others didn't. Deming, Microsoft, Netscape, and
other developers are encouraged to jump in here and say what their
shipping receiving MUAs do when mailed a self-signed cert.

My feeling on this, and one that is backed up by management at
Microsoft, is that Microsoft does not want to even think about the
responsibility of deciding on what basis a Certificate Authority should
be judged and then try and do the necessary follow up work in order to
make sure that the standards are being held to.  Not only is this a
problem from the standpoint of manpower, but it is also a legal
liability in the event that it is messed up by somebody and money
changes hands.

In the end the user MUST be the one responsible for making the judgement
call about what is and is not a good CA for their purposes.  This
judgement call will be a much different basis for a bank or store where
money and liability are going to change hands, than in the case where my
mother is deciding as to whether the message was really sent by my
sister where information about the certificate (self-signed perhaps)
could be sent on the side.  (It may also be that she doesn't really care
in most cases about whether it really is my sister as long as it can
reasonably be assumed to be my sister.)

On this basis we (the S/MIME working group) cannot make a statement as to
how the root of all trust should be decided.  I think that Paul may not
be far off base with the comment that it makes sense to put something in
the security considerations, but it does not belong in the base of the
specification.

jim schaad
Microsoft Outlook