S/MIME or PGP/MIME?
Fri Dec 7 02:20:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
While we're on the topic, here are some of my comments on S/MIME, and
what we can learn from it:

S/MIME mailer implementations have been riddled with interoperability
problems and tentative (at best) support from their backers. While I
haven't given it a shot in a couple years, I understand that Netscape is
not actively developing S/MIME support. Outlook still seems to work,
but I don't know of any other implementations.

I think there are a couple really important things to learn from the
S/MIME mailer implementations we've seen:

1 Key Propagation
S/MIME mailers attach the cert to every outgoing message (that is signed
or encrypted). Not only that, they notice when a cert is attached to
incoming messages and add it to the keyring (mixing metaphors a bit).

2 Opportunistic Encryption
Try sending a message to half a dozen recipients when you only have keys
for half of them. S/MIME mailers will encrypt to those it can, and
send cleartext to the rest.

3 Seamless Integration (My favorite!)
S/MIME mailers never show you any cyphertext. They just have little
icons to indicate when a message was encrypted or verified successfully.

None of those observations have anything to do with the protocol. I
think OpenPGP integration needs to take some of these hints.

However, the problem isn't that the mailer developers are doing it
wrong, it is that they haven't been given the tool they need - an open
source OpenPGP toolkit. This is what the world needs now, and in my
view, the best approach is to extend OpenSSL. When that's done, it will
be very practical for every mailer developer to build OpenPGP support
directly into their apps.

Kadrevian Nonlinear Accelerator
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Darwin)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----