Certificate authorities also can forge certificates and issue
certificates in fake names if asked by government agencies.  S/MIME is
too much under central control by design to be a sensible choice for
general individual use.

The central control is doubtless primarily motivated by the hopes of
turning a profit selling certificates to allow people to exchange
secure email etc.

OpenPGP's WoT provides a superset of S/MIME's hierarchically
controlled answer to identification and trust -- you can still have
CAs with OpenPGP, plus you can cross check and peer-to-peer certify
people you wish to interact with and so not need to trust some
untrustworthy and generally incompetent organisation.  (Verisign for
example issued someone a Microsoft code signing cert.)

Adam

On Thu, May 23, 2002 at 09:46:34AM -0700, Curt Smith wrote:
> Although I also hope for widespread e-mail encryption, I feel
> that S/MIME introduces more problems than it resolves.
> 
> Certificate Authorities issue certificates complete with CA-imposed
> expiration dates and usage limitations.
> (I prefer independent systems with unrestricted certificates)
> 
> Certificate Authorities match individuals to keys
> (Thanks, but no thanks)
> 
> Certificate Authorities can revoke certificates at any time
> (CA-driven DOS attack)
> 
> These are in addition to compatibility and security issues.
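
The "superset" argument in the reply above can be made concrete with a simplified key-validity model. This is an added example, not part of the original message and not GnuPG's actual trust computation; all key names and certifications are constructed, and `valid_keys` is a hypothetical helper.

```python
# Added illustration: simplified OpenPGP-style key validity (constructed data).
# A key is valid if the verifier signed it, or if at least `needed` valid keys
# that the verifier chose as trusted introducers have certified it.

def valid_keys(own_key, introducers, certs, needed=1):
    """certs is a list of (signer, subject) certifications."""
    introducers = set(introducers)
    valid = {own_key}
    changed = True
    while changed:
        changed = False
        for subject in {s for _, s in certs} - valid:
            signers = {a for a, s in certs if s == subject and a in valid}
            if own_key in signers or len(signers & introducers) >= needed:
                valid.add(subject)
                changed = True
    return valid

# Constructed scenario: the CA has certified Alice's real key and also a
# forged key issued in her name; Bob, a peer, has certified only the real one.
CERTS = [
    ("me", "CA"),             # I know this really is the CA's key
    ("me", "bob"),            # I checked Bob's key in person
    ("CA", "alice-real"),
    ("CA", "alice-forged"),
    ("bob", "alice-real"),
]

def hierarchical():
    # S/MIME-like setup: the CA is the only trusted introducer.
    return valid_keys("me", {"CA"}, CERTS)

def peer_only():
    # The CA key is valid but is not trusted to introduce other keys.
    return valid_keys("me", {"bob"}, CERTS)

def cross_checked():
    # CA and peer are both introducers; two certifications are required.
    return valid_keys("me", {"CA", "bob"}, CERTS, needed=2)

if __name__ == "__main__":
    for setup in (hierarchical, peer_only, cross_checked):
        print(f"{setup.__name__:14s} {sorted(setup())}")
```

Only the CA-only setup accepts the forged key; choosing the CA as sole introducer reproduces the hierarchical result, which is the sense in which the web of trust contains it.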
