At 10:00 AM 1/22/2007, Kemp, David P. wrote:
I agree that this won't happen anytime soon. TLS server certs are
widely deployed now, unlike client certs.
TLS does not provide the level of protection that server-to-server
S/MIME tunneling does. E.g, what happens if a server that uses TLS is
temporarily unavailable and the backup server (or the backup thereof)
doesn't have TLS? Will your mail server store all messages until a
TLS server is available? Do system administrators manually check
validity of all TLS certs, like when one expires and a new one is
installed? I doubt it.
to server certs could be made usable, but what is the business
case? Encryption might as well be done at the transport layer,
with data at rest protection (keeping those credit card numbers
on laptops secret) being a local matter. There is a far stronger
case to be made for S/MIME signing than for S/MIME encryption.
I couldn't agree more. That's what we see in the market. However,
more wide spread use of S/MIME signing creates a business case for
S/MIME encryption, as more and more certs are out there to be used.
Secure e-mail and digital signatures
Description: S/MIME cryptographic signature