On Thursday, April 09, 1998 5:42 AM, Dr Stephen Henson
[SMTP:shenson(_at_)bigfoot(_dot_)com] wrote:
This can give S/MIME a bad reputation and discourage people from
signing
anything. All too frequently a new user's first experience of S/MIME
is
being flamed for wasting bandwidth by signing everything in a public
mailing list or newsgroup. By contrast the more compact PGP signatures
seem to be tolerated more.
I think that this is as a result of the persistence and patience of the
sending PGP user, and the patience of the receiving non-PGP user. There
is no argument that the actual signature data requires fewer bytes, but
PGP had the same problems in its infancy that S/MIME and HTTP enjoy now.
Based on my limited experience with the Internet, I've been flamed for:
1. Having a .signature with more than one line in 1986
2. Using MIME in 1992
3. Sending TNEF in 1993
4. Using PGP signatures in 1994
5. Using S/MIME signatures in 1996
Now part of that is because I'm a jerk, but part of that is because it's
the reactionary "aaah! It's new and scary and will make the world a
worse place!" The TNEF I apologize for, and I have fixed -- the other
ones I had to suffer through until people didn't complain.
I do apply selective judgement as to what messages to sign, however,
since the non-repudiation, integrity and authenticity attributes are not
necessary in most of my communications. This was something that Paul
pointed out also, I believe.
People have come to accept the
---- BEGIN PGP SIGNED MESSAGE ----
<signed stuff>
---- BEGIN PGP SIGNATURE ----
<signature stuff>
---- END PGP SIGNATURE ----
---- END PGP SIGNED MESSAGE ----
block in the middle of their text (which may phase out with the use of
PGP/MIME), much as they have come to accept
--
Joe Smith
Any Company
123 Main St
Boston, MA 02134
"He who makes long signature is doomed to be flamed" -- Unknown
at the bottom of messages. I don't see any reason why people won't come
to accept S/MIME and PGP/MIME signatures in the same way.
I would support the specification stating that an S/MIME agent either
SHOULD (or even MUST) give the user the option to not include
certificates in signed messages.
I would support MAY or SHOULD give the user the option.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060