Michael Ströder wrote:
>Ian G wrote:
>> * it has no open + effective key distribution mechanism. (I exclude
>> the LDAP stuff as that is generally for internal / corporates, and is
>> not a general solution for the users.)

>Just exchanging signed S/MIME e-mails is quite easy for most users. The
>case that e-mail receivers are completely unknown is fairly seldom. This
>is a non-issue.

The e-mail receivers are seldom unknown but their CAs are.
Using Windows Mail, most PKIX signed messages give me a black screen
telling me there is something wrong with this message, while messages
asking me to download EXE files pass without warnings.

>> E.g., after changing laptops recently, I still cannot s/mime to half
>> my counterparties because I don't have their certs. This happens
>> regularly with everyone I know...

>???
>I've changed my notebook harddisk quite often. I never lost my Seamonkey
>cert DB containing the key history of the last 10 years since it's part
>of the Mozilla profile which I have backups of. When people in companies
>get new PCs there's a backup concept to migrate their old data. If not, the
>user has more problems than just the e-mail certs of others.

>If you create a new profile in your MUA then you have to import the
>certs therein. But does that happen very often?

Each time you want to use another computer. Why do you think I
claim that mobile crypto is a prerequisite?

>This is a non-issue.

For hackers, yes. For corporations with IT-support, yes.
For consumers OTOH it is a showstopper.

>> * it needs a few tweaks in UI to align it with the safe usage models,
>> so, for example the "signing" icon has to go because it cannot be used
>> for signing, because signing is needed for key distribution. It also
>> cannot be used for signing unless reference is made to the conditions of
>> signing, and no UI vendor has ever wanted to give time&space to a CPS.

>Maybe it's me but frankly I don't understand what you say here.
>Especially I don't see the need for a "UI vendor" to define a CPS (if
>Certificate Practice Statement is meant here).

I believe Ian is referring to the problem which made me start this thread...
That is, the need for end-users to become trust managers.

Anders