> From: Phillip Hallam-Baker <hallam@xxxxxxxxx>
> S/MIME is almost what we need to secure email.
If by "secure email" you mean 'render email impervious to being looked at
while on the wire', perhaps. If, however, you mean 'render it secure from
ever being looked at by anyone else', no way.
Even if it's stored on the destination host in encrypted form, if that host is
compromised, the contents of that email are now at risk. Even if the key is
not stored on that machine, the next time it's entered into that machine (or,
more broadly, the encrypted email and the key are brought near each other), it
can be lifted, _if that computer has been compromised_.
This whole 'surveillance of online activity' is a lot bigger problem than the
IETF's work domain. For us to think we can 'solve' it is massively hubristic.
Noel