gpgsm and expired certificates

Robert J. Hansen rjh at
Fri Nov 8 20:09:10 CET 2013

(Before I begin I should say I agree with Mark -- this is commentary,  
not disagreement.)

> This bug seems to cry out for an add-on.  Then people who (think they)
> know what they are doing can have the additional convenience, and the
> rest can do whatever it is they do now.  I would guess there is
> resistance to putting this into the base product on the theory that
> 99.9% of users will just hit "yes", meaning "get rid of this
> unintelligible dialog and let me read the message", which is arguably
> a Bad Thing.

A detail oft-overlooked is that the question isn't whether the  
*sender* is part of the 0.1%; the question is whether the *recipient*  
is part of the 0.1%.  If I use a self-signed S/MIME cert, will my  
recipient be savvy enough to understand the risks and take appropriate  

I think 0.1% is a reasonable approximation: of all Thunderbird users,  
maybe one in a thousand has the skill necessary to safely and  
responsibly use a self-signed S/MIME cert, or to safely and  
responsibly check someone else's usage of a self-signed S/MIME cert.   
So one in a thousand senders, multiplied by one in a thousand  

What I'm getting at here is that this isn't just a case of "99.9% of  
users will just hit 'yes', which is arguably a Bad Thing."  It's also  
a case of the user base for this being so small as to be  
indistinguishable from statistical noise.

> CAs the same thing that the user *should* have done with those
> commercial root cert.s: evaluate and install them individually.  (Of
> course hardly any of us have done this.)

Well, 'should' is a pretty strong word.  So long as someone  
understands the risks involved in letting Mozilla define your list of  
trusted CAs rather than taking individual responsibility yourself,  
that's really all we can ask for.  I do agree, though, that the  
default list of trusted CAs is eye-poppingly large.
