ietf-smime

Re: A good article on S/MIME implementation problems

2004-03-25 05:46:12

Paul:

I do not completely agree with your assessment. I had a short email exchange with Jon Udell, and I made the following points.

1. The article gives the impression that S/MIME is broken, and this is not the case. I would have been much happier with a title that conveyed problems with certificate issuing services and the ramifications of poor identity proofing. S/MIME is not the only security protocol that will suffer if the identity in a certificate is bogus.

2. As far as S/MIME is concerned, the email address is the identity. X.500 Distinguished Names are not helpful to the S/MIME application, as there are not any protocol fields that make use of this form of identity.

3. The fact that Outlook hides the only form of identity that is validated is the biggest problem.

Now that a script has been posted, maybe we should put some stronger language in MSGbis about the user interface.

Russ


At 05:36 PM 3/24/2004 -0800, Paul Hoffman / IMC wrote:

Greetings again. I wouldn't normally send "here's another S/MIME article" messages to the list, but this author has done an excellent job of both finding the problem and proposing solutions.

<http://weblog.infoworld.com/udell/2004/03/23.html#a952>

--Paul Hoffman, Director
--Internet Mail Consortium


