On 22/09/11 00:56 AM, Joe St Sauver wrote:
....
#Anybody want to put forward a conjecture about the response to this pop-up
#across the population of e-mail users?
Naturally, users (or their support staff) will disable OCSP/CRL checking to
make the pop-ups stop happening.
C.f., revocation is broken. The disablement of OCSP checking has been
... errrr widely suggested.
Which leads to a curious puzzler; if it doesn't work for users, who does
it work for? Ah, the cynicism :P
When smime.p7s files start getting stripped, there goes yet another
potentially critical piece of security technology.
All email client vendors had to do to give smime a chance in life was to
make it easy to generate and use a cert. Automatically. Add an
account, generate a cert. The rest can follow in due course...
Dunno why, but the architecture seems to be an exercise in won't work.
Is it possible that nobody really wanted smime to work?
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
