Hi Frank, > But that little issue aside, I agree that personal email is one place > where I think you, Ian, and others have a good case to make regarding > the usefulness of starting with self-signed certificates and making the > use of CAs optional. It's a simple fact that people can do a pretty good > job of figuring out who they're corresponding with, based on the > expectations and knowledge they've built up based on previous > correspondence. (Yes, there's always the theoretical possibility of a > MITM attack, but I think that's of minimal relevance for the use case > we're talking about it.)
In the OpenPGP world they used to be obsessed with key signing parties and the like and this reflects their early beginnings as anti-government crusaders. These days nobody bothers, we just create keys and get on with correspondance. In practice, I don't think there has been much experience of any note in MITM attacks, although I have heard about one attempt by Kevin M against a computer company (it failed). > Where acceptance of self-signed certs is much less justifiable IMO is > with regard to email from banks, e-commerce sites, etc., both because > such correspondence is impersonal and formulaic (and hence easily faked) > and because it's mainly a one-way conversation (e.g., bank to you) with > no ongoing discussion from which the user can build up knowledge of the > person they're corresponding with. Indeed, that would be silly, and the easiest way to enforce that is to let a few banks do it, and then get lambasted in the press. What's that line about "Hell knoweth no fury like a guru offended by a bank's lame security?" > So in summary I think it would not be such a bad idea for Thunderbird to > implement a "bootstrapping" approach to signed and encrypted email based > on automatically generated private keys and self-signed certificates, so > long as it was restricted to correspondence with people whom the user > had explicitly entered into their address book, and thus with whom the > user could be presumed to have some sort of pre-existing relationship. Sounds like a good starting point. iang _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
