<p dir="ltr">It's interesting to read your discussion. Don't underestimate the "users", they tend to be very highly motivated to learn. The ones that aren't, generally stop being users within a month from trying out encrypted mail because it's too complicated if you don't have an interest in learning.</p>
<p dir="ltr">In my personal opinion as a technically interested user, S/MIME is very good for companies and organisations that have to encrypt mail within the organisation. The IT technicians can create certificates, verify that a person really is an employee/member, and check their ID-card when they hand out the certificate. If someone ends their employment the IT people can revocate the certificate. If someone from company A want to communicate encrypted to someone from company B, and both companies use S/MIME and have good control over their certificate distribution, Anna from AT&T can really know with 99,9% probability that she is communicating with Bob from Bombardier.</p>
<p dir="ltr">However with S/MIME, for normal users from small companies or private users there is no way of knowing for sure that we communicate with the right person. The only way of knowing for sure is if we meet the person in person, and tell each other which email address we use and exchange keys or identification strings of a key uploaded to some server. With S/MIME certificate creation the only thing the CA's verify from normal users is the email address. But they don't verify who is using it, or if the email address has been stolen, or if the email address ever has belonged to the right person. So it really doesn't give any sense of extra security over OpenPGP for normal users.</p>
<p dir="ltr">That's why I prefer OpenPGP personally, I don't get any false sense of security when I communicate with normal users. I only trust the certificate/key after I met the persons in real life anyway so although S/MIME is good for others it gives me nothing extra that OpenPGP hasn't given me for a long time already.</p>
<p dir="ltr">The thing I don't like with OpenPGP is the "recently" implement WOT system. Just like the S/MIME system with global CA's it gives a false sense of security and really makes me trust OpenPGP less as it shows that the persons in charge of OpenPGP don't think things through before they implement new things. In my opinion most people that sign other persons keys aren't suited to do so, either because they aren't technically advanced enough or don't know enough about the other person's key creation process and safekeeping of key/password, or because they don't know the person well enough. Sometimes key signing is also done on special key signing gatherings, and the persons key you sign could as well be the key of a spy/agent or a criminal trying to impersonate another person by using a false ID. The persons that sign a key also gets an eternally long connection to the other person, which probably doesn't matter as long as either of you doesn't get into court. But the moment a person gets into legal problems, the people they have key signings with will automatically be seen as possible crime accomplices just like real life colleagues and friends.<br>
I'll give a realistic but very unlikely example: What if a TV personality called Anthony has key signing relations with 30 other persons and then one day happens to be caught with "his fingers in a cookie jar" in some way, for example the police finds out that he has one million child porn pictures on his laptop and some policeman sells the story to the national news and returns home that night with 100000€ in a bag. The day after Anthony is all over the news, and a couple of million people do searches on his name on the Internet. Thousands or maybe tens of thousands will possibly try to find his email address in order to send hate messages to him. Then some people start speculations on an Internet forum about him being part of a larger network of pedophiles and lists all the persons he has had some kind of encrypted relations/communications with. And you happen to be one of all the people who signed his key. Then the information spreads on other forums and Facebook, and finally makes it to the news that you are part of this big child porn network. Then the hate mail start arriving, maybe you don't get 10000 like Anthony but possibly 100 hate mails and some anti pedophile graffiti on your front door.</p>
<p dir="ltr">Unfortunately this is a realistic example of what might happen because of the WOT system. But in reality your only connection with him was that you signed his key on a key signing party. Others just falsely accused you because there was proof that you had some kind of encrypted relations with an alleged pedophile that was all over the news and they assumed that someone who commits crime prefers encrypted communications.</p>
<p dir="ltr">Besides with the WOT, anyone can impersonate anyone by creating fake email address and associate keys with these. For example one could create a key and email impersonating Merkel and having it signed by Obama and Putin to make it look more trustworthy. This could easily be done by spies in order to have people send important information to the wrong person.</p>
<p dir="ltr">To sum up, I prefer OpenPGP for normal users but the current WOT system is really bad and should be abandoned. The only way I can think of where a WOT system would really work is if the closest relatives of every person signed the keys. That would be the only way I can think of to really know if a person is who he says he is on a global scale. However it would only work well if enough people in the world signed the keys of their relatives so that the chain would be complete, and the few people without any living relatives would need another solution. So a good WOT isn't easily feasible in reality even if it's theoretically possible to have a Web Of Trust to actually give some trust.</p>
<div class="gmail_quote">Den 9 sep 2014 09:05 skrev "Bernhard Reiter" <<a href="mailto:bernhard@intevation.de">bernhard@intevation.de</a>>:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Monday 08 September 2014 at 16:02:42, Werner Koch wrote:<br>
> On Mon, 8 Sep 2014 09:58, <a href="mailto:bernhard@intevation.de">bernhard@intevation.de</a> said:<br>
> However. in practise CRLs do not work on a global scale.<br>
<br>
There are a number of working examples, but I agree that they have problems.<br>
Especially since nss (from mozilla) does not enable them by default (AFAIR).<br>
<br>
We came from the question what the use of dirmngr is, I just tried to explain<br>
it: There are a number of nicely working real world examples where dirmngr<br>
does the crl checks just fine, so validity information is quite current and<br>
minimally requested over the wire.<br>
<br>
> > Of course someone could run a similiar service for OpenPGP's<br>
> > certificates, but this is less frequently done.-<br>
><br>
> You have the numbers? I can only guess. Broken CRLs often go<br>
> undetected for weeks but when I released a GnuPG version with a bug in<br>
> --refresh-keys it took only hours for people to detect that.<br>
<br>
Educating guessing, just like you.<br>
<br>
> > The result of the usage of web of trust that I've seen is that it is very<br>
> > hard to find certificates of communication partners that you rarely<br>
> > communicate with.<br>
<br>
> So what? You need a trusted communication channel to someone you don't<br>
> know? No key validation scheme will help you here. Without having an<br>
> established trust connection to your peer you won't send him<br>
> confidential data anyway.<br>
<br>
People do this all the time, though. Usually is it someone you know and you<br>
want to establish that the certificate belongs to this person (with a good<br>
chance).<br>
<br>
> Similar to keyservers an LDAP does give you any hin on the validity<br>
> (trust) of the key (certifciate).<br>
<br>
Does not... yes.<br>
<br>
> > I guess we both agree that the currently used systems need a lot of<br>
> > improvements.<br>
><br>
> S/MIME is broken by design because it has been build on the assumption<br>
> of a global directory (X.500 the global directory of the X.400 mail<br>
> system). This global directory does not exists and thus S/MIME requires<br>
> dozens of sometimes contradicting workarounds and a lot of hand waving.<br>
<br>
I agree that the overall design never worked out. It also does not make too<br>
much sense to me, because I want people to have aliases, so they can keep<br>
multiple identities. Still S/MIME is in use and where it is used in an okay<br>
way, it provides reasonable end-to-end security.<br>
<br>
> OpenPGP steps that all aside and does not define any infrastructure.<br>
> Nevertheless the keyservers came to life and are still the easiest way<br>
> to find a key for a mail address and to upload a revocation.<br>
<br>
In my humble opinion, the usability of this OpenPGP mechanism is worse than<br>
the mechanism of S/MIME right now. But we need to understand this in order to<br>
improve OpenPGP (or other solutions), so I think it is okay to speak openly<br>
about it. Your STEED proposal also addresses this point.<br>
<br>
Anyway, I think that we should take this discussion to a different place,<br>
this is a users list after all. ;)<br>
<br>
Best Regards,<br>
Bernhard<br>
<br>
--<br>
<a href="http://www.intevation.de/~bernhard" target="_blank">www.intevation.de/~bernhard</a> (CEO) <a href="http://www.fsfe.org" target="_blank">www.fsfe.org</a> (Founding GA Member)<br>
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998<br>
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner<br>
<br>_______________________________________________<br>
Gpg4win-users-en mailing list<br>
<a href="mailto:Gpg4win-users-en@wald.intevation.org">Gpg4win-users-en@wald.intevation.org</a><br>
<a href="https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en" target="_blank">https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en</a><br></blockquote></div>