<div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Dec 4, 2016 at 9:27 PM, Peter Gutmann <span dir="ltr"><<a href="mailto:pgut001@cs.auckland.ac.nz" target="_blank">pgut001@cs.auckland.ac.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Phillip Hallam-Baker <<a href="mailto:phill@hallambaker.com">phill@hallambaker.com</a>> writes:<br>
<br>
>In fact there is much more use of S/MIME for authentication than for<br>
>confidentiality.<br>
<br>
</span>And there is much more use of hovercraft than monorails.<br>
<br>
Given that the use of S/MIME is essentially nonexistent outside of a few<br>
government and large corporate orgs where people can be ordered to use it or<br>
face disciplinary action (and where the mgt. realises that actually enforcing<br>
this would result in either no workforce left or a complete shutdown of email,<br>
they fix it by reinventing store-and-forward STARTTLS using S/MIME gateways),<br>
where does the data to support this come from? Just wondering... is there<br>
really significant use of S/MIME (meaning signed email, not CMS for EDI or<br>
something similar) signed messages, outside of the STARTTLS-equivalent?<br>
Where? By whom?<br></blockquote><div><br></div><div><div class="gmail_default" style="font-size:small">The number of S/MIME certs enrolled is roughly two million which is roughly the same as the number of keys enrolled in key servers.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Neither application has been impressive in terms of deployment. </div><br></div><div> </div></div></div></div>