Ian G wrote: > On 19/6/09 15:36, Jean-Marc Desperrier wrote: >> Nelson B Bolyard wrote: >>> if you send an encrypted message to >>> someone from whom you have never received a signed S/MIME message, you >>> will >>> use weak encryption. > > Does this assume LDAP for acquiring the certificate without a signed > S/MIME message? (So it is only relevant in corporate setting?)
Or other situations where you solely have a S/MIME cert. > S/MIME is pretty much broken as a design. IMHO it is not worth fiddling > around at the edges, because you'll fix one little thing and won't > achieve a thing. 100 other little things will bring you down. Strange enough it's useful for some people. I'd simply like to have some more S/MIME-related settings in Thunderbird and Seamonkey in the config UI. And also both products should display the symmetric cipher and key strengths actually used in a S/MIME message like it's already done for SSL connections. Ciao, Michael. -- Michael Ströder E-Mail: mich...@stroeder.com http://www.stroeder.com -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
