On Fri, May 24, 2002 at 11:17:08AM -0700, jamesd@echeque.com wrote:
-- On 23 May 2002 at 0:24, Lucky Green wrote:
Tell me about it. PGP, GPG, and all its variants need to die before S/MIME will be able to break into the Open Source community, thus removing the last, but persistent, block to an instant increase in number of potential users of secure email by several orders of magnitude.
My impression is that S/MIME sucks big ones, because it commits one to a certificate system based on Verisign or equivalent.
It uses X.509, which is supposed to be a hierarchical certificate system. Verisign is just the dominant X.509 CA. But as others have pointed out, it's possible to become one's own X.509 CA and issue oneself certs. Netscape and IE browsers will accept certs from completely made up CAs. You might have to click on a few "do you really want to do this" dialog boxes but that's it. All you need is a copy of OpenSSL and directions off a web site.

Additionally, there is nothing that prevents one from issuing certs that can be used to sign other certs. Sure, there are key usage bits etc. but it's possible to ignore them.

It should be possible to create a PGP style web of trust using X.509 certs, given an appropriate set of cert extensions. If Peter can put a .gif of his cat in an X.509 cert there's no reason someone couldn't represent a web of trust in it.

Each user would self-sign their cert. Or self-sign a CA cert and use that to sign a cert, same thing. Trust would be indicated by (signed) cert extensions that indicate "I trust Joe Blow X amount as a signer of keys". Each time you added a trust extension you would generate a new cert using the same key. Each trust extension would indicate the entity, their key id (hash of public key), and the degree of trust. When you added a trust extension you'd give a copy of the new cert to the entity you just added. They can then append these certs onto their cert when they authenticate to someone.

When authenticating, you verify the other guy's cert, something he signed with his private key, then all the other people's certs that he sends in addition to his own, all of which attest to his trustworthiness. Ideally, you also trust some of the same people, so you now have their signed "statements" attesting to a degree of trust in the new guy.

[note, there's probably a conceptual flaw in this since I'm loopy from allergy drugs today and probably not thinking as clearly as I think I am, so be polite when you point out my error. In any case, the point is that it's possible to do a web of trust in X.509, not that I have a fully formed scheme for implementing it]

Since all this is in X.509, S/MIME MTAs accept it (unless they are programmed to not accept self-signed CAs, in which case your MTA is a slave to Verisign et al.). You'd need an external program to verify the web of trust, but that's about it.

And to be honest, exactly zero of the PGP exchanges I have had have actually used the web of trust to really verify a PGP key. I've only done it in testing. In the real world, I either verify out of band (i.e. over the phone) or don't bother if the other party is too clueless to understand what I want to do and getting them to do PGP at all has already exhausted my patience.

But why bother? Even if I could do this X.509 web of trust tomorrow, no one besides a few crypto-geeks would use it. People just don't give a shit about other people reading their email. Most people can't even be bothered to use a decent password or shred their credit-card statements. Only criminals have anything to hide, right?

-- Eric