[Top] [All Lists]

RE: Goal for S/MIME 2007?

2007-01-22 19:55:05
At 10:00 AM 1/22/2007, Kemp, David P. wrote:

I agree that this won't happen anytime soon.  TLS server certs are
widely deployed now, unlike client certs.

TLS does not provide the level of protection that server-to-server S/MIME tunneling does. E.g, what happens if a server that uses TLS is temporarily unavailable and the backup server (or the backup thereof) doesn't have TLS? Will your mail server store all messages until a TLS server is available? Do system administrators manually check validity of all TLS certs, like when one expires and a new one is installed? I doubt it.

S/MIME encryption
to server certs could be made usable, but what is the business
case?  Encryption might as well be done at the transport layer,
with data at rest protection (keeping those credit card numbers
on laptops secret) being a local matter.  There is a far stronger
case to be made for S/MIME signing than for S/MIME encryption.

I couldn't agree more. That's what we see in the market. However, more wide spread use of S/MIME signing creates a business case for S/MIME encryption, as more and more certs are out there to be used.


Izecom BV
Secure e-mail and digital signatures

Attachment: smime.p7s
Description: S/MIME cryptographic signature

<Prev in Thread] Current Thread [Next in Thread>