Lets try a thought experiment. Imagine for a moment someone came to this
forum in 1990 proposing say lossy packet routing could never possibly work
because nobody could rely on such a system, pointing out that the Internet
was minute compared to the telephone system and that therefore the Internet
could never possibly be built. Furthermore the fact that the OSI networking
stack was poorly specified and X.500 would inevitably fail meant that the
Internet could not possibly work.
Imagine what the response would be. Perhaps a pointer to an existence proof?
Perhaps RTFM?
Yes, there are serious problems with the PKIX model, there are also serious
problems with the PGP model. There are even bigger problems with the 'X.500
will come and solve the problems of PKI model'. That is why all the major
PKI vendors have abandonded those models (OK some cling to X.500 but only to
suck up to customers, they don't believe in that stuff any more than I do).
PKI is doing just fine thank you. If you need one to solve a specific
problem it can be done. If you start from the position that any solution
must be entirely costless you will have problems, but if you are realistic
there are solutions that save cost overall.
You are telling if someone else was given a certificate in my name and
signed a virus code and distributed it. I would go to jail for it
because it was signed in my name.
Check with a lawyer - and note that the spammers are *already* using things
like Jeem trojans to relay their spam. If they've got that much of a
foothold on your machine, adding code to sign the spam with your private
key
is pretty trivial, really....
IANAL... and neither it appears are you...
According to the ABA digital signature guidelines a digital signature should
create a REBUTTABLE presumption of validity. That is exactly the same as the
standard for a written signature, it is assumed to be valid unless you
affirmatively claim it to be invalid.
You might well have other issues if your machine is cracked and used to
attack someone else. There might be claims of negligence etc. but I am not
aware of such claims being made in cases to date...
The grandmother loses her private key and loses her house thing was analyzed
to death when the laws were being written.
You probably don't want to ever use S/MIME as a mechanism to create
promiscuous contracts. You might however want to use the fact that all your
emails are S/MIME signed to defend yourself against claims that someone
appropriated your signature.
Phill