ietf-smtp

Re: [ietf-smtp] Public Key Look Up

2021-05-14 15:57:36


--On Friday, May 14, 2021 15:15 -0400 John Levine
<johnl(_at_)taugh(_dot_)com> wrote:

It appears that John C Klensin  <john-ietf(_at_)jck(_dot_)com> said:
Matthias,

I found this very helpful ... and quite consistent with my
experience and predictions from very different contexts.  I
think we need to be aware of the tempting target presented by
an organizational server that holds and manages private keys
but, in the grand scheme of things, that may be less
problematic and risky than, e.g., hop by hop encryption with
messages in clear on poorly protected relay boxes.

Agreed, it's a nice summary.

I have noted there is currently no way to get a single S/MIME
certificate without paying an unreasonable amount of money.  A
few CAs used to issue them for free, but no more. 

http://www.cacert.org/ and, in particular,
http://wiki.cacert.org/EmailCertificates  ??

Of course, when last I checked, none of the usual browser
vendors recognize their root cert, so working with their
certificates is probably not a plausible exercise for the
casual user.  I've asked "why not" a few times but I mostly
don't get answers and those I do get sound a lot like "follow
the money".

Some sort
of LE for S/MIME would be much more likely to make a difference
than yet another kind of rarely available key server.

Yep.

    john

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
