Paul:
I do not completely agree with your assessment. I had a short email
exchange with Jon Udell, and I made the following points.
1. The article gives the impression that S/MIME is broken, and this is
not the case. I would have been much happier with a title that conveyed
problems with certificate issuing services and the ramifications of poor
identity proofing. S/MIME is not the only security protocol that will
suffer if the identity in a certificate is bogus.
2. As far as S/MIME is concerned, the email address is the
identity. X.500 Distinguished Names are not helpful to the S/MIME
application, as there are not any protocol fields that make use of this
form of identity.
3. The fact that Outlook hides the only form of identity that is validated
is the biggest problem.
Now that a script has been posted, maybe we should put some stronger
language in MSGbis about the user interface.
Russ
At 05:36 PM 3/24/2004 -0800, Paul Hoffman / IMC wrote:
Greetings again. I wouldn't normally send "here's another S/MIME article"
messages to the list, but this author has done an excellent job of both
finding the problem and proposing solutions.
<http://weblog.infoworld.com/udell/2004/03/23.html#a952>
--Paul Hoffman, Director
--Internet Mail Consortium
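
Added example, not part of the thread: a sketch of the check behind points 2 and 3 above, comparing the From/Sender address with the addresses in the signer's certificate and building the status line from the certificate address rather than from the display name. The function names and sample messages are constructed, and the certificate addresses are assumed to come from a certificate whose chain and signature were already validated elsewhere.

```python
# Added illustration; names and sample data below are constructed.
from email import message_from_string
from email.utils import getaddresses


def normalize(addr):
    """Lower-case the domain only; the local part may be case-sensitive."""
    local, sep, domain = addr.strip().rpartition("@")
    return f"{local}@{domain.lower()}" if sep else addr.strip()


def check_signer_identity(raw_message, cert_addresses):
    """Compare From/Sender addresses with the signer certificate's addresses.

    cert_addresses: rfc822Name / emailAddress values taken from an already
    validated signer certificate (assumption: validation happens elsewhere).
    Returns (matched, status_line). The status line is built only from the
    certificate address, never from the header display name or the DN.
    """
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    header_addrs = {normalize(a) for _, a in getaddresses(headers) if a}
    cert_addrs = {normalize(a) for a in cert_addresses}
    matched = sorted(header_addrs & cert_addrs)
    if matched:
        return True, f"Signed by {matched[0]}"
    shown = ", ".join(sorted(cert_addrs)) or "(no address in certificate)"
    return False, f"WARNING: signer certificate is for {shown}, not the sender"


# Constructed sample: display name claims one person, the certificate and
# the From address belong to another. The check passes, so the address shown
# to the user is the only thing that reveals who actually signed.
DISPLAY_NAME_CASE = (
    'From: "Alice Example" <mallory@attacker.example>\n'
    "Subject: contract\n\nbody\n"
)
# Constructed sample: From address differs from the certificate address.
MISMATCH_CASE = "From: alice@Example.COM\nSubject: contract\n\nbody\n"

if __name__ == "__main__":
    print(check_signer_identity(DISPLAY_NAME_CASE, ["mallory@attacker.example"]))
    print(check_signer_identity(MISMATCH_CASE, ["mallory@attacker.example"]))
    print(check_signer_identity(MISMATCH_CASE, ["alice@example.com"]))
```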