Tumbleweed Chief Executive Jeff Smith says there's a lot of
misunderstanding about S/MIME, because it was created as a desktop
encryption technology. He argues it's also simple and cost-effective to
use as a gateway authentication technology, and that its quality
advantages make it the best choice. Tumbleweed would like to work with
Yahoo to merge their technologies.

S/MIME gateway software in the context of a 'closed-community' is a
proven method of authenticating the sending domains of e-mail messages
and has been effective at blocking increased volumes of spoofed e-mail
messages (providing they were sent from a participating domain). And of
course using S/MIME encryption protects one from in-transit eavesdropping
too!
Applying what is quite manageable in a 'closed-community' for an
Internet-wide deployment would be somewhat more challenging though.
Particularly around certificate deployment, trust-chains and
auto-discovery (assume DNS for internet-wide; a 'closed-community' could
use LDAP). I think that is why domain keys proposes to trust DNS data as
being authoritative without any further validation.
Craig.