Jeff Weinstein wrote:
Also keep in mind that many users will not have access to such a
repository, either because they have e-mail only connectivity, or
they are running offline when reading their mail. It seems like
a bad idea to build the assumption into S/MIME that everyone is
always connected to the global internet.
Well I for one use a dial up line so I can sympathise with the many
features that assume that one has a fast cheap permanent internet
connection and provide no offline browsing facilities.
However it should also be borne in mind that offline use also has
restricted bandwidth, not all users have S/MIME and of those that do not
all care if every message they receive is signed. For these a
significant amount of the data they receive (and money they expend on
the internet connection) is wasted.
This can give S/MIME a bad reputation and discourage people from signing
anything. All too frequently a new user's first experience of S/MIME is
being flamed for wasting bandwidth by signing everything in a public
mailing list or newsgroup. By contrast the more compact PGP signatures
seem to be tolerated more.
My initial proposal was not intended to make omitting certificates
compulsory. However since the v3 and v2 specifications allow them to be
omitted but don't provide an automatic or semi-automatic method to
retrieve them (other than a previous message including the certificate)
such a thing would be useful IMHO.
I would support the specification stating that an S/MIME agent either
SHOULD (or even MUST) give the user the option to not include
certificates in signed messages.
This need not imply that the recipient is online permanently or has
access to a permanent connection. Several options could be provided such
as automated retrieval when a user is online or semi-manual retrieval by
for example clicking on a "retrieve certificate" box. Alternatively
there is the possibility of an automated mailer for this purpose.
An often neglected aspect of S/MIME (and certificate use in general) is
that a signed message is only part of the story. The revocation status
of the signers certificates must also be checked. How many CA's provide
the facility to check revocation status offline? How many even
distribute CRLs and of those that do which include their distribution
point in certificate extensions? Precious few.
However no one (I hope!) is suggesting that every signed mail contain a
huge CRL to cater for this.
Steve.
--
Dr Stephen N. Henson.
UK based freelance Cryptographic Consultant.
Email: shenson(_at_)bigfoot(_dot_)com
PGP key: http://www.drh-consultancy.demon.co.uk/key.asc