Re: EmailSigning feedback from Kingsley Idehen on 2012-10-01 (public-rww@w3.org from October 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 01 Oct 2012 11:05:11 -0400
To: public-rww@w3.org
Message-ID: <5069B127.9040803@openlinksw.com>

On 10/1/12 9:12 AM, Jürgen Jakobitsch wrote:
> apparently this whole emailSigning thing not so easy and there is a
> plethora of "reactions" from different email clients.
>
> maybe we should set up a wiki-page with a matrix of the creation process
> and the experiences with different mail clients to come up with a
> solution that suits most people.
I wrote a number of howtos [1] for all the major email clients due to 
what you outline above. Sadly, the world of PKI exploitation has been 
turned on its head by the overbearing nature of those in the CA business.

In the world of eCommerce, 3rd party verification of vendor identity is 
crucially important. Sadly, that's a single use-case pattern that's come 
to cloud (obscure) the entire realm of PKI exploitation as you are now 
experiencing with inconsistent behavior across S/MIME clients.

For social networking, 3rd party identity verification doesn't have to 
follow centralized CA pattern. In short, therein lies the fundamental 
essence of the WebID authentication protocol. Even without adding the 
requirement for IdP's to generate certificates with the issuer/signer's 
WebID in the Issuer Alternative Name (IAN) slot, it is still possible to 
ignore email client behavior en route to looking up the WebID that 
watermarks a senders certificate. This is base #1, the first step.

Beyond the basics above, without the tedium associated with writing 
plugins for each email client, it is possible to incorporate WebID into 
IMAP4 which enables smart organization of mailboxes. This is what I'll 
demonstrate next as we've implemented this feature a while back as part 
of our exercising the practical utility of WebID within the context of 
existing protocols.

Links:

1. http://bit.ly/U9tvcP -- various G+ howtos for different email clients .

-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Monday, 1 October 2012 15:05:32 UTC