[cryptography] Security Pop-Up of the Day

ianG iang at iang.org
Wed Sep 21 15:08:12 EDT 2011


On 22/09/11 00:56 AM, Joe St Sauver wrote:
> ....
> #Anybody want to put forward a conjecture about the response to this pop-up
> #across the population of e-mail users?
>
> Naturally, users (or their support staff) will disable OCSP/CRL checking to
> make the pop-ups stop happening.

C.f., revocation is broken.  The disablement of OCSP checking has been 
... errrr widely suggested.

Which leads to a curious puzzler; if it doesn't work for users, who does 
it work for?  Ah, the cynicism :P

> When smime.p7s files start getting stripped, there goes yet another
> potentially critical piece of security technology.

All email client vendors had to do to give smime a chance in life was to 
make it easy to generate and use a cert.  Automatically.  Add an 
account, generate a cert.  The rest can follow in due course...

Dunno why, but the architecture seems to be an exercise in won't work.  
Is it possible that nobody really wanted smime to work?

iang




More information about the cryptography mailing list