Meng Weng Wong [mengwong(_at_)dumbo(_dot_)pobox(_dot_)com] wrote:
You know, I just had a funny thought.
If people find the things we're doing yucky --- SPF, SES,
Sender ID, Yahoo Domainkeys, and so on --- then maybe
they'll be more receptive to the alternative: S/MIME.
I'm all for wide-spread real cryptographic message signing. :-)
Paul Iadonisi [pri(_dot_)spf1(_at_)iadonisi(_dot_)to] wrote:
You *must* know this was coming: isn't S/MIME patent encumbered? I
don't know the whole story, but let's nip that in bud EARLY, instead of
building up to the spectacular crescendo that was MARID, okay?
I'd rather see OpenPGP pushed, if patents are going to be a problem
with S/MIME.
Well, search for the "smime" working group at
https://datatracker.ietf.org/public/ipr_search.cgi
There are at least three IPR disclosures for the S/MIME WG. Although
there are no IPR disclosures for the OpenPGP ("openpgp") WG, there may
still exist some IPR, and even some of the S/MIME IPR might apply to
OpenPGP (possibly the IBM ones).
That said, if S/MIME does *not* have patent issues, then
GO FOR IT. If it's technically feasible, of course, and it can solve
the...ugh...what problem is it supposed to solve again :-).
If users of online services (e.g. banking) consequently use the services'
crypto keys to verify e-mail messages that supposedly originate from those
services, cryptographic message signatures effectively prevent phishing.
Crypto will never prevent misdirected bounces, i.e. envelope sender
forgery, though. Only SPF Classic, RMX, and Co. will.