On Sat, 2002-10-26 at 03:26, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
On Fri, 25 Oct 2002 13:17:29 +1200, Franck Martin said:
> Note that you can set your exchange server to convert s/mime messages
> automatically... On my exchange 5.5 in the Internet connector there is an
This is, of course, assuming you are willing or able to use an exchange
server.
Not all the world uses the same proprietary package (which happens to be
what
originally STARTED this thread).
I was answering a specific point about outlook web mail, to help one
user.
> We are in chicken-egg situation, that will be solved with a global PKI (my
> opinion)...
You might want to stop, take a deep breath, and ask yourself exactly what
problems a "global PKI" will solve (you might want to go read the chapter
on PKI in Schneier's "Secrets and Lies" if you haven't already). Now let's
see:
You may want to think about SPAM. Certificates for web access and
protocols is well defined and working.
I agree with you about all the cert usage possibilities. They are all
valid. I will check the refrence you gave, but I have also read Peter
Gutmann tutorial on security.
I think the only question of a PKI in our case, is to initiate
communication between two people who never met. If you have to do an
handsake before the message is sent, I think it is overkill and may not
work, however tmda.sourceforge.net proposes exactly that.
The question of a global PKI is to remove anonymity. You can trace back
to a real person (legal person) from the certificate. Who can offer
that? What has to be done? This is my question...
I don't beleive (personnal view) that the web of trust is fully good.
This is interesting and I'm curious about it but someone can proxy
someone, etc.. so that When I'm trying to know who I'm dealing with I'm
lost in a web of "front companies" to name an analogy.
If signed e-mails become standard, I may decide to accept only signed
e-mail, because I will be able to know who it is, and take action...
Think about SPAM and viruses that impersonate other people...
The other application would be with IPsec, to initiate an IPSEC channel
between 2 computers that do not know each other..
At USD300 a certificate per year, IPSEC will made a few VERY rich... May
I put an analogy between the evolution of software cost to the evolution
of IP protocols cost: From Free to low cost (https) to major cost
(IPsec, e-mail) and unavoidable.
This is not an easy subject I realise that...