Outis - S/MIME for Gmail
There's apparently an add-on for Firefox that lets you do S/MIME-based email through Gmail. When I first saw this, my first reaction was something like Why on Earth is anyone doing this!?!?
According to the IETF's outcomes tracking database, S/MIME hasn't been a success. They somewhat charitably say that it has experienced "poor adoption."
For some reason, the heroic efforts of the S/MIME Working Group in creating the dozens of documents that they've finished so far remind me of the part of the Odyssey where Odysseus and his companions escape from the hungry Cyclops Polyphemus by blinding him and running away while his cries that "nobody (ουτις, or outis) was hurting him" were ignored by the other Cyclopes.
Maybe "Outis" is a good code name for the Firefox S/MIME add-on for Gmail. I expect that's who will be using it.
I don't really think that comparing S/MIME to no encryption at all is the best comparison to make. Most email users can send and receive S/MIME message, but almost none of them actually do. The resaon for this is probably due to the need to get a digital certificate.
Now I've never had a problem using certificates myself. I'm actually one of those few people who use S/MIME from time to time. But I've come to understand that most people have an extremely hard time with certificates. Because certificates cause so much trouble, why not use encrypted web mail? Browsers are as ubiquitous as S/MIME-enabled mail clients, so you'll reach the same people, and you'll do it without the big hurdle that certificates can cause.
So I suppose that S/MIME is better than nothing, but it's probably not better that encrypted web mail. I'd go with a solution that used identity-based encryption, of course. That way you can reach almost everyone, and you can do this without using those troublesome certificates.
Posted by: Luther Martin | Sunday, 21 February 2010 at 03:07 PM
Maybe S/MIME is not actually a success, but isn't it better than nothing regarding email security? I mean, when one really needs to send an encrypted email to an S/MIME enabled mail box, isn't it a good enough approach?
Posted by: sapran | Sunday, 21 February 2010 at 08:28 AM