>I think the problem with S/MIME is that it violates a major principle 
>of software usability: make the most commonly performed tasks the 
>easiest to accomplish. 

You find clicking on the little icons difficult?

This is just more of the same - parroting out some slogan you
read in some book in the hope it might be applicable. The
fact that you make the accusation tends to imply that you
have never used S/MIME.

I note that you are not signing your emails with PGP, whereas
I sign every one of my messages with S/MIME (except for those 
I send from the PalmVI or RIM which I don't yet have an S/MIME
client for).

I sign every one of my messages because S/MIME makes that easy.
Anyone who is reading the message with a recent edition of a major
email client (except Eudora) can check the signature without
downloading the plug-in.

Is this about persuading as many people as possible to use strong 
crypto?


> Most people who want e-mail security have 
>one or a few correspondents with whom they wish to exchange 
>e-mail in secrecy.

Most corporations want to deploy S/MIME to employees' desktops
without the employees having to think very much about the process.

Going to the Thawte server to get a free 12 month cert is hardly
a difficult process. 


>  S/MIME, at least as widely implemented, makes 
>doing that hard, 

That is your personal opinion, not a statement of universal fact.

I would regard it in the same category as people who say that
'Macintosh is easy to use', meaning 'it is what I am used to 
and what I find easiest to use'.

I personally think the Mac user interface sucks, especially
the mechanism for ejecting disks. Go round the MIT AI lab and
I guarantee you that where you find a Mac, an unwrapped 
paperclip for popping out disks and CD-ROMs is not far away.


In the same fashion, I find explaining the Web of Trust idea
to folks who are not highly computer literate a challenge to
say the least.

To claim that there is such a substantial difference in ease
of use between S/MIME and PGP that one is unusable is simply
ridiculous.

PGP is in my view popular with people who want to have absolute
control over their environment - even if that is at the expense
of security. To use PGP securely, one pretty much has to only
use keys signed by people you know are meticulous in checking
credentials. In my case that means I only use keys signed by 
Jeff Schiller. Now I have the advantage of actually knowing Jeff,
but for the life of me I can't see the scalability in that 
solution. What do I do if I want to speak to someone who hasn't
yet met Jeff - buy them an air ticket to Cambridge MA so they 
can meet him?


As you say, it would be quite easy to write an S/MIME key signing
tool, CAPI provides all the necessary functionality, it just 
needs a UI.

PGP is unfortunately not scalable to commercial usage. It is 
therefore only a partial solution for a restricted community. 
There is absolutely no way that PGP could provide a PKI structure
to support applications such as Identrus or ANX. Unfortunately
PGP is only about privacy. PGP does not provide any meaningful
or useful statement about identity. The integrity capabilities
of PGP are as a result not useful if one wishes to provide any
degree of assurance with respect to the enforcement of digitally
signed contracts.


                Phill
