W3C home > Mailing lists > Public > public-rww@w3.org > October 2012

Re: EmailSigning feedback

From: Jürgen Jakobitsch <j.jakobitsch@semantic-web.at>
Date: Mon, 01 Oct 2012 17:37:17 +0200
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: public-rww@w3.org
Message-ID: <1349105837.5548.37.camel@linux-1rgw.site>
hi,

thanks, i'm clear about that, thing is that i would like to have signed
mails a "green" footer in most cases anyway. i already had feedback from
people who were not able to open my signed mails and i'm thinking about
not scaring people if there should be some sort of viral effect. i don't
want my signed mails to be rejected or deleted by someone who just
doesn't know that it has no meaning. i also don't want to change my
email signature to include an argument about why an "invalid" or "not
trusted" certificate doesn't really matter.

i just started a small survey in our company per email, with some
questions like : 

-do you notice at all, this email is signed
-does it look invalid, not trusted
-if yes, does this scare you somehow

will report back

wkr turnguard




On Mon, 2012-10-01 at 11:05 -0400, Kingsley Idehen wrote:
> On 10/1/12 9:12 AM, Jürgen Jakobitsch wrote:
> > apparently this whole emailSigning thing not so easy and there is a
> > plethora of "reactions" from different email clients.
> >
> > maybe we should set up a wiki-page with a matrix of the creation process
> > and the experiences with different mail clients to come up with a
> > solution that suits most people.
> I wrote a number of howtos [1] for all the major email clients due to 
> what you outline above. Sadly, the world of PKI exploitation has been 
> turned on its head by the overbearing nature of those in the CA business.
> 
> In the world of eCommerce, 3rd party verification of vendor identity is 
> crucially important. Sadly, that's a single use-case pattern that's come 
> to cloud (obscure) the entire realm of PKI exploitation as you are now 
> experiencing with inconsistent behavior across S/MIME clients.
> 
> For social networking, 3rd party identity verification doesn't have to 
> follow centralized CA pattern. In short, therein lies the fundamental 
> essence of the WebID authentication protocol. Even without adding the 
> requirement for IdP's to generate certificates with the issuer/signer's 
> WebID in the Issuer Alternative Name (IAN) slot, it is still possible to 
> ignore email client behavior en route to looking up the WebID that 
> watermarks a senders certificate. This is base #1, the first step.
> 
> Beyond the basics above, without the tedium associated with writing 
> plugins for each email client, it is possible to incorporate WebID into 
> IMAP4 which enables smart organization of mailboxes. This is what I'll 
> demonstrate next as we've implemented this feature a while back as part 
> of our exercising the practical utility of WebID within the context of 
> existing protocols.
> 
> Links:
> 
> 1. http://bit.ly/U9tvcP -- various G+ howtos for different email clients .
> 

-- 
| Jürgen Jakobitsch, 
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| web       : http://www.semantic-web.at/
| foaf      : http://company.semantic-web.at/person/juergen_jakobitsch
PERSONAL INFORMATION
| web       : http://www.turnguard.com
| foaf      : http://www.turnguard.com/turnguard
| g+        : https://plus.google.com/111233759991616358206/posts
| skype     : jakobitsch-punkt
| xmlns:tg  = "http://www.turnguard.com/turnguard#"

Received on Monday, 1 October 2012 15:37:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 1 October 2012 15:37:51 GMT