Paul:
>> 1. The article gives the impression that S/MIME is broken, and this
>> is not the case. I would have been much happier with a title that
>> conveyed problems with certificate issuing services and the ramifications
>> of poor identity proofing. S/MIME is not the only security protocol that
>> will suffer if the identity in a certificate is bogus.

> We disagree that the article gives the impression that S/MIME is broken.

Reading it, I came away with the impression that some S/MIME
implementations are broken. Maybe I've been working with this too long and
I know that S/MIME isn't broken.

The title implies that S/MIME is broken.

>> 2. As far as S/MIME is concerned, the email address is the
>> identity. X.500 Distinguished Names are not helpful to the S/MIME
>> application, as there are not any protocol fields that make use of this
>> form of identity.

> Exactly right. The fact that Thawte asks for it, and some S/MIME applications
> use it, shows a disregard for the standard. They are blatantly ignoring
> the SHOULD NOT.

Agree.

>> 3. The fact that Outlook hides the only form of identity that is
>> validated is the biggest problem.

> Absolutely true, and pretty clear from the article.

Yes. So, the title of the article could have been more descriptive of the
real issue.

> Now that a script has been posted, maybe we should put some stronger
> language in MSGbis about the user interface.

That would be nice.

Maybe the editor can generate some proposed text.
Russ