On 03/27/2009 03:58 AM, Ian G:
Encryption would give more privacy of emails, where otherwise there was less privacy.
S/MIME encryption without assuring the email address is security theater. What you suggest would be even counter-productive since it would give the wrong impression of encryption (security) without actually being able to do so. There is nothing different as with web sites, hence Mozilla has such a requirement for S/MIME certificates in its CA Policy. It's there fore a reason, not because it's fun imposing requirements on CAs.
What I thought interesting at the initial idea is to cut certain steps short without compromising the basic security of the users. I think you'd have to make your mind up what's more important - improvements with the basic security requirements taken care of or perhaps no improvement at all.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
