[Cryptography] What ever happened to end-to-end email encryption?

Tobias Mueller tobi at cryptobit.ch
Mon Aug 23 08:18:25 EDT 2021


Hi,

On Sun, 2021-08-22 at 14:46 -0500, Jeffrey Goldberg wrote:
> As much as we all hate the system of CAs out there, it is enormously
> better for users than the web of trust. This brings us to S/MIME.
> Getting a proper S/MIME certificate for most people requires that the
> they generate a CSR. UI can help, but it is also a really big ask
> conceptually. Website certificates work because users only have to
> deal with the (much improved in recent years) browser warnings. Only
> the site administrators have to deal with CSRs and renewals. S/MIME
> puts that sort of burden on the user.
I tried to buy S/MIME certificates from all ten CAs that I could
identify which sell S/MIME certificates via an online shop (rather than
sending documents via fax). Of those ten, I could do business with
eight. The other two refused. Of those eight, two (25%) offered no
option other than uploading a CSR.

I measured the time it took me to get from zero to certificate.
The quickest was 2m45s. That's excluding time to wait for email to be
delivered (after being held back by greylisting).

With ACME for S/MIME as specified in RFC 8823¹, the requirement for
users to actively generate a CSR is arguably eased.

Best,
  Tobi

1: https://datatracker.ietf.org/doc/html/rfc8823
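The CSR step discussed above, as an added example that is not part of the thread: the manual key and request generation a user faces when a CA offers no alternative to uploading a CSR. It assumes a local openssl binary (1.1.1 or later, for -addext); user@example.com is a constructed placeholder address.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Assumes openssl is on PATH.
set -eu

# make_smime_csr ADDRESS OUTDIR
# Generates a P-256 private key and a CSR carrying the S/MIME-relevant
# extensions: the address as an rfc822Name SAN and the emailProtection EKU.
# This is the "big ask" step the CA would otherwise have to do for the user.
make_smime_csr() {
    addr="$1"; out="$2"
    mkdir -p "$out"
    openssl ecparam -name prime256v1 -genkey -noout -out "$out/smime.key"
    openssl req -new -key "$out/smime.key" -out "$out/smime.csr" \
        -subj "/CN=$addr" \
        -addext "subjectAltName=email:$addr" \
        -addext "extendedKeyUsage=emailProtection"
}

# csr_email CSRFILE
# Verifies the CSR's self-signature and prints the rfc822Name it requests,
# so the requester can check what they are about to upload to the CA.
# Returns non-zero if the signature does not verify.
csr_email() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    openssl req -in "$1" -noout -text | sed -n 's/^ *email:\(.*\)$/\1/p'
}
```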
