>If you use gmail.com, you are at the mercy of google - whether encrypted >or not. those users have already given control away to google. This >document is not the right place to warn them about that.
As it stands now, your first sentence is just wrong. Currently, if I publish a S/MIME certificate for my gmail address, and people encrypt mail using it, Google can't read my mail. They can throw it away of course, but if it shows up in my mailbox, only I can read it. In the other direction, only I can sign mail with my cert, and Google can't pretend to be me in an S/MIME context. This assumes that CAs that sign S/MIME certs are competent enough to check that it's me asking them to sign, which I realize is kind of optimistic, but what I've laid out is the way that S/MIME is supposed to work. This document flips that situation around so now gmail can publish MITM certs for all its users whether they like it or not. That is a big change. R's, John _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
