Ian G wrote:
Taking a leaf from Firefox, it has this nice feature
for security in it which is to turn the URL bar yellow
when SSL is enacted.  If each email address were
to go yellow if it was encrypt-to rated, and some
were not yellow, that would suit my preferences.

(I'd still think your check boxes above would be fine,
but with the yellow email addresses, I'd then turn
those checkboxes off.)

I like the idea! Worth adding to the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=278989



Well, I actually like that idea, but obviously it's not feasible because the certificate would be worthless if it wasn't verified to be linked to the email address of the user. (Or have I misunderstood the concept?!)



Yes, the assumption that "the certificate would be worthless" is incorrect. If the certificate was sent by the stated email address, then it is linked. Only if you are under some form of active attack would you expect some form of connivery.

Yes, I realised my mistake after I sent the posting.


There is a flaw in the logic of the CA-based email security model. The CA concept - certificate "authority" - is useful where you do not know the party you are dealing with. Like, Amazon. Yet, this assumption does not exist in email; almost everyone we mail (unless we are a spammer) is already known to us. Which means we have already at hand superior mechanisms to control the security.

Whatever logic exists in browsing, there is practically no
security reason to use CA-signed certs in email.  In fact,
they definitively reduce security over the self-signed
alternate.  (Browsing is another story, a bit more complex.)

My motivation (possibly misled?) is also that one way of eradicating spam is for everyone to adopt CA-signed email certificates, since they are some guarantee that the person holding the certificate is the person who owns (or has access to, admittedly) the email address. This is not the case with self-signed certificates. It's perhaps a far-fetched idea, but if we all had CA-signed certificates, our spam filters could simply delete all unsigned emails.
Obviously one risks entering into a political debate about the Certificate Authorities at this point, until such time as organisations like cacert.org are recognised.



Yes. You do realise that governments can defeat CA-signed security like your Thawte cert, but they cannot defeat self-signed security?

I do now. :-) How so? They are given the keys by the CAs?

 So if hypothetically
your attacker is a government, you should use PGP,
rather than cert-based email.

Jay
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
