Wednesday, December 21, 2005

Re: Comparison Of Secure Email Technologies X.509 / PKI, PGP, and IBE

Andrew,

You make some good points. The purpose of the paper is to show
where and what the problems are -- and motivate solutions.

The points you note are not technology limitations of usability
but implementation problems. Also, in business use, clients can
be chosen among those that work and the proper infrastructure
provided. The usage difficulty ("I can't even use it") exists
mostly for open-ended Internet use. Of course, we still have all the
other difficulties pointed out in the paper

Regards,
Ed Gerck

--- Andrew Patrick wrote:
> Hi;
>
> I have not read your paper in detail, but thought I
> would mentioned problems that I have had in using
> X.509 based email signatures.
>
> It boils down to the fact that email messages signed
> with X.509 certificates break a number of message
> clients at the receiving end to the point that I have
> given up on signing my email.
>
> Some clients simply fail to display the signed
> messages (usually webmail systems).
>
> Other clients assume that a message received with a
> signature must be replied to in a signed fashion, and then
> break when the replier does not have a certificate
> configured (MS Outlook Express).
>
> Some mail clients alter the incoming message (i.e., to insert
> ads, ala Yahoo mail), so a message integrity check fails, and
> some usually cryptic error mesage is shown to the receiver.
>
> So, in my mind secure email systems suffer from the
> most sever usability problem -- they don't work.

No comments: