At 10:00 AM 1/22/2007, Kemp, David P. wrote:
I agree that this won't happen anytime soon. TLS server certs are widely deployed now, unlike client certs.
TLS does not provide the level of protection that server-to-server S/MIME tunneling does. E.g., what happens if a server that uses TLS is temporarily unavailable and the backup server (or the backup thereof) doesn't have TLS? Will your mail server store all messages until a TLS server is available? Do system administrators manually check validity of all TLS certs, like when one expires and a new one is installed? I doubt it.
S/MIME encryption to server certs could be made usable, but what is the business case? Encryption might as well be done at the transport layer, with data at rest protection (keeping those credit card numbers on laptops secret) being a local matter. There is a far stronger case to be made for S/MIME signing than for S/MIME encryption.
I couldn't agree more. That's what we see in the market. However, more widespread use of S/MIME signing creates a business case for S/MIME encryption, as more and more certs are out there to be used.
dagdag
Christine
--
Izecom BV
Secure e-mail and digital signatures
www.izecom.com