(Belated reply, now that my email is working again after toasted power supply problems!)
| view of what they had decided they meant, or are | big enough and ugly enough to take their punishment | if ever called to do so. | | What Simson showed was not only that the users | didn't know what that meaning was (no big deal) | but the users didn't even understand what the | question was. They are basically unaware and/or | confused about the entire process. | P.T. Barnum is as right today as he was a century ago. But ignorance on their part should not be construed as same on those who do understand.
Right. And now we reach a big philosophical issue for Mozilla, which has been mooted upon in these very pages of late.
Who is Mozilla for? Who is Tbird courting?
If it's the average user a.k.a. Joe Sixpack, then we have one way of looking at how to secure his traffic.
If it's Terry Techie, then we might expect him to learn the steps, the model, the customs.
But not Joe & Josephine Mixed Dozen.
Now, I'm assuming the 'average user', because that's what I was told, and it's unfair to anyone to flip back and forth in a conversation. But, I do recognise that ... this has created a very big tension, especially in places like S/MIME, where the setup assumes Terry Techie, and Terry is quite happy with the product as it is.
| Fun debate!
I suspect S/MIME is a square block to your round hole at least vis-a-vis certs in email apps. You might be interested in Ciphire (https://www.ciphirebeta.com/) an application that addresses some of the problems you've mentioned here and in the past.
Yes, I looked at Ciphire. In terms of getting crypto out to the people - Mozilla's undebated target audience - I'm not sure that Ciphire adds anything over OpenPGP clients. Sure, it might address the key distro issues better than say S/MIME, but it has to still carry the burden of being a downloaded client that just does crypto.
iang -- News and views on what matters in finance+crypto: http://financialcryptography.com/ _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security