
assurance - RE: [Assurance] Request for Comment: IAP 4.2.4 Credential Issuance and Management

  • From: "Jones, Mark B" <>
  • To: "" <>
  • Cc: "" <>
  • Subject: RE: [Assurance] Request for Comment: IAP 4.2.4 Credential Issuance and Management
  • Date: Mon, 3 Dec 2012 11:47:37 -0600
  • Accept-language: en-US

As you say, I have heard that if you read your Google mail with a client such
as Thunderbird, signing works.

But I don't think you have to go as far as end-to-end encryption. Properly
displaying a signed email has nothing to do with encryption or private keys.

Also, I am able to send and receive signed and/or encrypted email with M$ OWA
using my private key on my USB token. So this is doable in a web client
without giving up control of your private key.

-----Original Message-----
From: [mailto:] On Behalf Of Joe St Sauver
Sent: Monday, December 03, 2012 11:23 AM
To:
Cc:
Subject: Re: [Assurance] Request for Comment: IAP 4.2.4 Credential Issuance
and Management

<>
commented:

#This has been a point of frustration with Gmail for years... as far as I
#know, they still don't support S/MIME.

End-to-end encryption dramatically reduces Gmail's ability to target relevant
ads at users, and since they live and die on their advertising revenues,
well, there you go.

And from a user's POV, I also wouldn't want my email provider to have access
to my private key, anyhow, right?

That said, there are solutions that will let you do S/MIME with Gmail:

-- You can try Penango, see http://www.penango.com/ (caution: licensing
required for some types of deployments, and note that when the browser
updates, there may be a relatively brief lag while Penango gets rev'd
for compatibility with the new version)

-- Gmail also allows users to use IMAP, see
http://support.google.com/mail/bin/answer.py?hl=en&answer=77695
so you can also use any IMAP client that has good integrated S/MIME
support (Thunderbird should work fine, for example)

If you're interested, feel free to check out my death march through client
certificates (from a Security Professionals 2012 preconference seminar),
http://pages.uoregon.edu/joe/secprof2012/sec-prof-2012-client-certs.pdf

Don't hesitate to drop me a note if you have any questions,

Regards,

Joe


