Typical S/MIME keys are issued by CAs that verify them by sending you mail with a link. While it is easy to imagine ways that could be subverted, in practice I've never seen it.The most obvious way that it can be subverted is that the CA issues you a key pair and gives a copy of the private key to one or more others who would like either to be able to pretend to be you, or to intercept communication that you have encrypted. I would argue that this is substantially less trustworthy than a PGP key!
Like I said, it's easy to imagine ways it could be subverted. If you believe all CAs are crooks, you presumably don't use SSL or TLS either, right?
Of course you can _do_ S/MIME with a non-shared key, but not for free, and not without privacy implications. (I'm just assuming that an individual can get an S/MIME Cert on a self-generated public key—I haven't actually found a CA who offers that service.)Same issue. I can send signed mail to a buttload more people with S/MIME than I can with PGP, because I have their keys in my MUA. Hypothetically, one of them might be bogus. Realistically, they aren't.Very nearly that same degree of assurance can be obtained with PGP; the difference is that we don't have a ready system for making it happen. E.g., if my MUA grabs a copy of your key from a URL where you've published it, and validates email from you for a while, it could develop a degree of confidence in your key without requiring an external CA, and without that CA having a copy of your private key. Or it could just do ssh-style leap-of-faith authentication of the key the first time it sees it; a fake key would be quickly detected unless your attacker controls your home MTA or the attacked identity's home MTA.
That would be great if MUAs did that, but they don't.As I think I've said three times now, the actual support for S/MIME in MUAs is a lot better than the support for PGP. It helps that you can extract a correspondent's key from every S/MIME message, rather than having to go to a keyserver of some (likely untrustworthy) sort to get the PGP keys.
If we think that PGP is so great, how about writing native PGP support for Thunderbird and Evolution, and contribute them to the open source codebase?
Regards, John Levine, johnl@xxxxxxxx, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
<<attachment: smime.p7s>>