Anders Rundgren wrote:
Michael Ströder wrote:
Ian G wrote:
* it has no open + effective key distribution mechanism. (I exclude
the LDAP stuff as that is generally for internal / corporates, and is
not a general solution for the users.)
Just exchanging signed S/MIME e-mails is quite easy for most users. The
case that e-mail receivers are completely unknown is fairly seldom. This
is a non-issue.
The e-mail receivers are seldom unknown but their CAs are. Using
Windows Mail most PKIX signed messages give me a black screen
telling there is something wrong with this message, while messages
asking me to download EXE files pass without warnings.
When I'm in a project working for a company which has a S/MIME CA
importing the CA cert into my S/MIME-enabled MUA is a no-brainer. What's
the issue? I establish trust for a certain purpose: Exchanging secured
e-mail with a certain company so nobody can read the documents *they*
want to keep confidential. I'm happy to do that once for a CA cert
instead of having to initiate a secure key exchange with every employee
of the company.
The sad thing is: The users, in this case my project colleagues,
sometimes do not know how to use the existing S/MIME infrastructure
although they enrolled during a user registration process and they
already have everything on their desktop. Although I'm not involved
personally with the S/MIME infrastructure my attitude is to teach the
people how to use it. And they feel better when using it because they
know there's a need for e-mail protection. But they were simply not
teached. That's a non-technical problem. And any other
signature/encryption/whatever standard will suffer from this.
E.g., after changing laptops recently, I still cannot s/mime to half
my counterparties because I don't have their certs. This happens
regularly with everyone I know...
???
I've changed my notebook harddisk quite often. I never lost my Seamonkey
cert DB containing the key history of the last 10 years since it's part
of the Mozilla profile which I have backups of.
Each time you want to use another computer.
Oh, come on! How often do you *really* do this? And how do you move
around the rest of your workspace? There are many more things to
consider when you want real roaming than just your keys and PKCs of others.
Why do you think I claim that mobile crypto is a prerequisite?
Either your mobile also runs the apps or you have to integrate your
mobile with the PC on which the whatever-you-call-your-standard-enabled
app runs. The latter is the same problem space like using
smartcards/readers or USB tokens as key store.
For hackers, yes. For corporations with IT-support, yes. For consumers
OTOH it is a showstopper.
BTW: Consumers don't switch PCs so often. My friends and relatives who
get a new PC also try to backup and restore their MUA profile data (or
somebody helps them to do it).
* it needs a few tweaks in UI to align it with the safe usage models,
so, for example the "signing" icon has to go because it cannot be used
for signing, because signing is needed for key distribution. It also
cannot be used for signing unless reference is made to the conditions of
signing, and no UI vendor has ever wanted to give time&space to a CPS.
Maybe it's me but frankly I don't understand what you say here.
Especially I don't see the need for a "UI vendor" to define a CPS (if
Certificate Practice Statement is meant here).
I believe Ian is referring to the problem which made me starting this thread...
That is, the need for end-users to become trust managers.
Everybody is a trust manager. All day everybody is making trust
decisions. But there's no ultimate trust.
Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
