Linked by Thom Holwerda on Thu 12th Apr 2012 08:59 UTC
Internet & Networking I would honestly serve at the altar of the person that did this. Keep the debugging information, but for the love of god, make your email client do something pretty and useful with it.
Thread beginning with comment 513918
To view parent comment, click here.
To read all comments associated with this story, please click here.
saso
Member since:
2007-04-18

In my opinion, not only should clients make this easy, it really needs to be available for all files regardless of method of delivery. It doesn't matter if you e-mailed it to me, I downloaded it from a web site, or you gave me a thumb drive, we need some way to prove who we are and keep the file secret from everyone else.


OpenPGP features file-based encryption and authentication as well (in fact, the e-mail stuff is just a particular application of the signature and encryption algorithms, which work with any digital data).

TLS does have a role in e-mail, and it's not encryption. TLS provides authentication. Authentication is arguably the largest problem with e-mail. The original protocol simply trusted clients and servers not to lie about who they were, and that's why we have spam. If our servers only accept mail from servers authenticated with certificates, then blocking spam is easy.


Who would issue these certificates? How would you check a certificate's validity exactly? Who would be authenticated by it (sender, recipient, both)? Remember, we're talking server to server SMTP here, not client to server - that's a given, STARTTLS has been in use here for years.

Reply Parent Score: 2