mike at plan99.net
Thu Jan 8 04:56:53 PST 2015

I think we are mostly in agreement :)

The main reason I suggest just extending the existing PKI infrastructure is
that having used both, I've found S/MIME a lot easier to use both for
myself and others I've nudged into sending me encrypted email. PGP tends
not to be well integrated into things, even when using stuff like GPGTools,
whereas "get a cert via your browser, use Mac Mail/Outlook" is a pretty
straightforward process. And it's all integrated out of the box, you don't
need any additional software.

To make a Twitter cert, you have all the stuff you need already. It should
be pretty much one or two evenings' work to link together the <keygen> HTML
tag with Twitter OAuth. And then users can just click through in their
browser, start their mail app, and start sending messages signed with a

The UI for *viewing* the Twitter handle would suck of course - you'd need
to look at the certificate details. So it's there, but not straightforward.
Upgrading open source mail clients to show it, if there were to be a
standard, would be quite feasible though.

In the past few years I've worked on a lot of end-user facing software so I
tend to freak out about implementation costs and look for the laziest,
smallest next steps possible. Given that the WoT tends to turn into the CA
model when done properly anyway, and all the infrastructure from the 1990s
is still around and working, I tend to view writing a bunch of S/MIME
extensions as the path of least resistance. The hard part, of course, is
getting proprietary email app vendors to care. But not much happens in the
email world and presumably Mac Mail/Outlook/etc have at least one or two
guys working on them, they need projects to get promoted, so perhaps it's
not a completely lost cause ;)