Lionel Elie Mamane lionel@mamane.lu
Fri Dec 7 07:48:01 2001

On Thu, Dec 06, 2001 at 05:14:34PM -0800, Paul Holman wrote:

> I think there are a couple really important things to learn from the
> S/MIME mailer implementations we've seen:

IMHO, these are convenience-over-security choices.

> 1	Key Propagation
> S/MIME mailers attach the cert to every outgoing message and notice
> when a cert is attached to incoming messages and add it to the
> keyring (mixing metaphors a bit).

Bandwidth waste... And this is polluting the keyring with potentially
invalid (faked) keys. Adding a key to the keyring behind the user's back
certainly isn't a good idea.

> 2	Opportunistic Encryption
> Try sending a message to half a dozen recipients when you only have
> keys for half of them.  S/MIME mailers will encrypt to those it
> can, and send cleartext to the rest.

Huh? That's clearly a security risk. If you want the message encrypted
and it silently sends it as cleartext... You mean they really do that?
Oh my god...

> 3	Seamless Integration (My favorite!)
> S/MIME mailers never show you any cyphertext.  They just have little
> icons to indicate when a message was encrypted or verified
> successfully.

Mutt does that >:-)

> However, the problem isn't that the mailer developers are doing it
> wrong, it is that they haven't been given the tool they need - an open
> source OpenPGP toolkit.

