ietf-smime
[Top] [All Lists]

RE: Reducing signature sizes.

1998-04-09 15:40:53
On Thursday, April 09, 1998 5:42 AM, Dr Stephen Henson
[SMTP:shenson(_at_)bigfoot(_dot_)com] wrote:
This can give S/MIME a bad reputation and discourage people from
signing
anything. All too frequently a new user's first experience of S/MIME
is
being flamed for wasting bandwidth by signing everything in a public
mailing list or newsgroup. By contrast the more compact PGP signatures
seem to be tolerated more.

I think that this is as a result of the persistence and patience of the
sending PGP user, and the patience of the receiving non-PGP user.  There
is no argument that the actual signature data requires fewer bytes, but
PGP had the same problems in its infancy that S/MIME and HTTP enjoy now.
Based on my limited experience with the Internet, I've been flamed for:

1. Having a .signature with more than one line in 1986
2. Using MIME in 1992
3. Sending TNEF in 1993
4. Using PGP signatures in 1994
5. Using S/MIME signatures in 1996

Now part of that is because I'm a jerk, but part of that is because it's
the reactionary "aaah!  It's new and scary and will make the world a
worse place!"  The TNEF I apologize for, and I have fixed -- the other
ones I had to suffer through until people didn't complain.

I do apply selective judgement as to what messages to sign, however,
since the non-repudiation, integrity and authenticity attributes are not
necessary in most of my communications.  This was something that Paul
pointed out also, I believe.

People have come to accept the

---- BEGIN PGP SIGNED MESSAGE ----
<signed stuff>
---- BEGIN PGP SIGNATURE ----
<signature stuff>
---- END PGP SIGNATURE ----
---- END PGP SIGNED MESSAGE ----

block in the middle of their text (which may phase out with the use of
PGP/MIME), much as they have come to accept

--
Joe Smith
Any Company
123 Main St
Boston, MA 02134

"He who makes long signature is doomed to be flamed" -- Unknown

at the bottom of messages.  I don't see any reason why people won't come
to accept S/MIME and PGP/MIME signatures in the same way.

I would support the specification stating that an S/MIME agent either
SHOULD (or even MUST) give the user the option to not include
certificates in signed messages.

I would support MAY or SHOULD give the user the option.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060


<Prev in Thread] Current Thread [Next in Thread>