ietf-smime

Goal for S/MIME 2007?

2007-01-21 02:23:42
Still waiting for a response...

----- Original Message ----- 
From: Anders Rundgren 
To: ietf-smime(_at_)imc(_dot_)org 
Sent: Saturday, December 23, 2006 10:36
Subject: Goal for S/MIME 2007?


Today I concluded that my mail-box with 120 fresh messages consisted of about 
110 messages where the sender address is either falsified, or is coming through 
a hijacked computer.

In my opinion S/MIME is the primary culprit for this unbearable situation.

That Windows has shown some weaknesses with respect to virus attacks is 
undoubtedly true, but viruses would also have had much less impact if we had 
had a useful e-mail security architecture.  The same goes for phishing, not to 
mention spam.

I do believe that the designers of S/MIME did what they could back in the 
'90s.  However, now when we know better [*], shouldn't these guys who 
indirectly contribute to an annual waste of BILLIONS of good working hours from 
the Internet community rather try to create a system that to some extent 
compensates for the mistakes made in the past?

DKIM is a step in the right direction but it does not address confidentiality.  
That DKIM was designed to support people who want to run their own mail-servers 
but cannot afford a domain-certificate is also a bit off since these entities 
represent at most 0.1% of today's Internet users.

Anders Rundgren

[*]
- Client certificates are [still] uncommon
- Encryption at the desktop by consumers does not work
- Security administrators want central policy handling
- Trusted third parties are the norm (from your employer to Google)
- You cannot send an encrypted e-mail to the IRS and you probably never will
- E-mail encryption is incompatible with many organizations' internal policies
- Security should be transparent, default, and non-intrusive