Paul Holman pablos@kadrevis.com
Fri Dec 7 02:20:01 2001

Hash: SHA1

While we're on the topic, here are some of my comments on S/MIME, and 
what we can learn from it:

S/MIME mailer implementations have been riddled with interoperability 
problems and tentative (at best) support from their backers.  While I 
haven't given it a shot in a couple years, I understand that Netscape is 
not actively developing S/MIME support.  Outlook still seems to work, 
but I don't know of any other implementations.

I think there are a couple really important things to learn from the 
S/MIME mailer implementations we've seen:

1	Key Propogation
S/MIME mailers attach the cert to every outgoing message (that is signed 
or encrypted).  Not only that, they notice when a cert is attached to 
incoming messages and add it to the keyring (mixing metaphors a bit).

2	Opportunistic Encryption
Try sending a message to half a dozen recipients when you only have keys 
for half of them.  S/MIME mailers will encrypt tho those it can, and 
send cleartext to the rest.

3	Seamless Integration (My favorite!)
S/MIME mailers never show you any cyphertext.  They just have little 
icons to indicate when a message was encrypted or verified successfully.

None of those observations have anything to do with the protocol.  I 
think Open PGP integration needs to to take some of these hints.  
However, the problem isn't that the mailer developers are doing it 
wrong, it is that they haven't been given the tool they need - an open 
source OpenPGP toolkit.  This is what the world needs now, and in my 
view, the best approach is to extend OpenSSL.  When that's done, it will 
be very practical for every mailer developer to build OpenPGP support 
directly into their apps.

- --
Paul Holman
Kadrevian Nonlinear Accelerator
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org