From: IN%"raph@cs.berkeley.edu" "Raph Levien" 5-MAY-1996 13:47:16.83
"Observers say SMIME's capabilities will let it replace software based on the PGP code, which is widely used. Unlike SMIME, which uses a structured certificate hierarchy, PGP relies on pre-certification of clients and servers for authentication, a limitation SMIME doesn't face."
Can one use a web-of-trust for S/MIME, for the cases when a structured hierarchy is exactly the _wrong_ thing to use? I'd think so, but I don't know anything about it.
Thus, it's a reasonable guess that almost all S/MIME messages that pass through the wires will offer "virtually no protection," to quote a phrase from a paper co-authored by the principal designer of S/MIME's encryption algorithms (http://www.bsa.org/policy/encryption/cryptographers.html).
A public breaking of some S/MIME messages would work to discourage this unsafe mechanism. One wonders if PGP Inc. could sponsor some variety of contest?
-Allen