I was answering a specific point about outlook web mail, to help one user.On Fri, 25 Oct 2002 13:17:29 +1200, Franck Martin said: > Note that you can set your exchange server to convert s/mime messages > automatically... On my exchange 5.5 in the Internet connector there is an This is, of course, assuming you are willing or able to use an exchange server. Not all the world uses the same proprietary package (which happens to be what originally STARTED this thread).
You may want to think about SPAM. Certificates for web access and protocols is well defined and working.> We are in chicken-egg situation, that will be solved with a global PKI (my > opinion)... You might want to stop, take a deep breath, and ask yourself exactly what problems a "global PKI" will solve (you might want to go read the chapter on PKI in Schneier's "Secrets and Lies" if you haven't already). Now let's see:
I agree with you about all the cert usage possibilities. They are all valid. I will check the refrence you gave, but I have also read Peter Gutmann tutorial on security.
I think the only question of a PKI in our case, is to initiate communication between two people who never met. If you have to do an handsake before the message is sent, I think it is overkill and may not work, however tmda.sourceforge.net proposes exactly that.
The question of a global PKI is to remove anonymity. You can trace back to a real person (legal person) from the certificate. Who can offer that? What has to be done? This is my question...
I don't beleive (personnal view) that the web of trust is fully good. This is interesting and I'm curious about it but someone can proxy someone, etc.. so that When I'm trying to know who I'm dealing with I'm lost in a web of "front companies" to name an analogy.
If signed e-mails become standard, I may decide to accept only signed e-mail, because I will be able to know who it is, and take action... Think about SPAM and viruses that impersonate other people...
The other application would be with IPsec, to initiate an IPSEC channel between 2 computers that do not know each other..
At USD300 a certificate per year, IPSEC will made a few VERY rich... May I put an analogy between the evolution of software cost to the evolution of IP protocols cost: From Free to low cost (https) to major cost (IPsec, e-mail) and unavoidable.
This is not an easy subject I realise that...