Re: email standards

On Wed, Sep 24, 2014 at 8:11 AM, Jari Arkko <jari.arkko@xxxxxxxxx> wrote:
>> Apple's Mail.app on desktops allows an S/MIME key to be bound via
>> Keychain to a particular correspondent, without placing any trust
>> in whatever CA may have issued the certificate.  This makes S/MIME
>> usable with a TOFU trust-model.
>>
>> So for me the sweet-spot has been S/MIME with direct (leap of faith)
>> trust.  I am disappointed when I can't use TOFU with S/MIME in some
>> other MUAs.
>
> Yes - I have a lot of sympathy for this point of view. Taking this slightly more towards the end-user view, not sure I care about what bits are underneath, as long as I can achieve what I need to achieve. For a lot of users that appears to be hierarchical/unconditional trust for their employer’s organisation _and_ the ability to TOFU for the authentication with their friends, family, and external entities. Perhaps TOFU not just with individuals, but also with organisations.

Right.  S/MIME can be used non-hierarchically, and PGP could be used
hierarchically.  There are very few PK protocols I can think of where
trust mesh or trust hierarchy are so deeply embedded that you cannot
co-opt the protocol to work the other way.

(The one example that comes to mind is DNSSEC, and even there
TOFU/mesh is not unthinkable, just ETOOHARD to manage because of how
removed from the user DNS is.)

This leads me to believe that letting TOFU vs. trust mesh vs. trust
hierarchy lead us to having two end-to-end e-mail security standards
was a mistake, and the trust model discussion is mostly a red herring.

> The question is, how much of this is protocol machinery and how much UI design? Maybe we need to put the main e-mail app developers into a room and not let them out until they have prototypes of usable TOFU *and* hierarchical security in their apps :-) I’m joking of course, but it is also true that if the industry needs to do something, they have in many cases come together even as competing entities, and taken on the challenge. Interops, world v6 launch, etc. But I’m not the expert. You guys are - what would help?

For e-mail the protocol is completely separable from the trust model.
Trust hierarchy does not let the UI off the hook, so we might as well
design UIs supporting all PK trust models, not just one.  After all,
an MUA that implements S/MIME and PGP will have to anyways...

Nico