On Tue, 26 Oct 2004, Meng Weng Wong wrote:
You know, I just had a funny thought.
If people find the things we're doing yucky --- SPF, SES,
Sender ID, Yahoo Domainkeys, and so on --- then maybe
they'll be more receptive to the alternative: S/MIME.
Where were you with your throughts and marketing skills 5-10 years ago? :)
And really I agree S/MIME would have been great alternative and had a lot
more use by now (possibly even close to 50% use instead of current miserable
0.5%) if we actually had one unified standard (instead of competition between
PGP and S/MIME that we have now). And as far as I know 5 years ago (+/- 2
years) PGP people were willing to give up their format for more extensible
ASN.1 (S/MIME) if S/MIME were to support both centralized certificate system
and peer-peer verification model. But it then became clear that some
companies were in fact willing to do anything (including suing PGP author)
to not make peer-peer model for cryptographic authentication a reality.
P.S. For graphic representation of differences in PGP and S/MIME models see
slides 22 and 23 of http://www.elan.net/~william/asrg/SecuringEmailPath.pdf
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net