Talk:S/MIME

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
WikiProject Computing (Rated Start-class)
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
 

This is the talk page for S/MIME, the Wikimedia software has some funny ideas about the slash, please ignore this technical oddity.

S/MIME[edit]

What it is ??? Secure transport or secure storage or both ?? For me secure storage storage is bad (no search and indexing). —Preceding unsigned comment added by 82.193.205.189 (talk) 08:53, 11 November 2008 (UTC)

Was the standard S/MIME named in reference to the German S-mine, the terrible antipersonnel mine (also known as the Bouncing Betty)?

Maybe, but I wouldn't have thought it to be very likely, personally. — Matt Crypto 16:17, 14 November 2005 (UTC)
I don't think there is any connection. It began life simply as Secure MIME. It appears as S-MIME in some early emails. The reason for the separator is to stop it reading smime which sounds like slime. --Gorgonzilla 15:39, 7 April 2006 (UTC)
It's simply S as in SSL Secure Sockets Layer or similar and TLS Transport Layer Security plus MIME Multipurpose Internet Mail Extensions. -- Omniplex 21:27, 7 April 2006 (UTC)

CryptoDox - S/MIME link[edit]

I would think, that this link shouldn't be in the article, because it leads to an article with the same name but much smaller (tiny). Why people should loose their time going there? —The preceding unsigned comment was added by Dinno (talkcontribs) 00:40, 17 April 2006 (UTC)

Agreed. The CryptoDox guy has spammed Wikipedia with lots of links to articles on his site, none of which, as far as I recall, have been anything that but poor in comparison to the corresponding Wikipedia article. If it's better, then fine, it's reasonable to include it. Not until then, however. — Matt Crypto 16:14, 17 April 2006 (UTC)

Gmail extension[edit]

The text should read "... functionality is availible in the ..." rather than "... functionality is built into the ...", as "built into" implies that S/MIME is provided with no modifications; this is not the case for some of these listed mail clients. Any objections?

Jdstroy 05:15, 11 October 2006 (UTC)

No longer applies. :( jdstroy 06:51, 12 December 2006 (UTC)

External Links[edit]

Someone has removed the external links that point to free and paid for Certificates but has left this in the body of the article.

"or from a public CA such as one of those listed below" Just think that it should be reworded to take the lack of CA's that are now no longer available. (81.19.57.186 16:35, 27 December 2006 (UTC))

Good catch. While Wikipedia is not a directory, it is acceptable to give a link to the appropriate dmoz directory category, which I have done. Wrs1864 16:47, 27 December 2006 (UTC)


Outlook Express[edit]

I do not think all versions of OE have the mentioned bug. The comment should be limited to the appropriate versions (if at all present). —The preceding unsigned comment was added by Herbys (talkcontribs).

Hello, please keep in mind to sign your comments on talk pages. -- intgr 06:07, 29 March 2007 (UTC)
I removed the statement altogether, for now. If anyone wishes to restore it with a proper source and with a specified version number, you can restore it from the edit history: diff. -- intgr 06:09, 29 March 2007 (UTC)

Email Encryption[edit]

I removed the Email Encryption link from the "See Also" section as the link was a dead-end and E-mail encryption is simply redirected to Pretty Good Privacy which is already in the "See Also" section. Perhaps a generic E-mail Encryption page needs to be created as both PGP and S/MIME are valid E-mail Encryption techniques. --Maetrics 01:50, 11 May 2007 (UTC)

I've placed E-mail encryption back into the "See Also" section as apparently 12 hours after my removal, someone planted an article which included the suggestions I made --Maetrics 23:20, 9 October 2007 (UTC)

Obstacles to deploying S/MIME in practice[edit]

The third bullet point down (currently) includes the sentence "Another argument is that servers often contain data that is confidential to the organization anyway, so what difference does it make if additional data, such a private keys used for decryption, are also stored and used on such servers?" The "another argument" part makes it sound like this will be an argument AGAINST using S/MIME for corporate webmail (given the section heading and parent bullet), but the gist of the sentence seems to be an argument FOR using it - or at least an argument for why it would be OK to use it. I guess what I'm saying is that this section is confusing! I'd try to fix it myself, but I don't know enough about the topic (which is why I'm looking it up...). Anybody care to clarify? -- Wegsjac (talk) 21:36, 16 November 2007 (UTC)

I can't say I agree with that part, but here is what I understand about the controversy of S/MIME on mail servers:
  • Anything encrypted with S/MIME is unreadable by those managing the mail server, or the server itself for that matter. This makes things like filtering spam nearly impossible, short of a DNSBL.
  • If the company mail server must be able to read all messages passing through the server, as is typically done for spam control, enforcement of company policies, etc. then he must either:
  1. have a copy of the user's private key (defeating the purpose of public key cryptography) or
  2. have the user send a copy to a separate recipient for all incoming and outgoing messages
  • If the server administrator does have one of the above, that means he can eavesdrop on any company communications, possibly infringing on trade trade secrets.
In cases like this, administrators have been known to use this information to trade stocks, based on CEO communications with other companies, thus the controversy. Do you risk letting the IT manager see everything that goes on, or do you let everyone get peppered with spam and let the IT manager foot the bill for more bandwidth to deal with it? 164.107.194.180 (talk) 22:08, 12 May 2009 (UTC)

Help needed in adding citations[edit]

We need to recruit volunteers to help by adding suitable citations - see http://en.wikipedia.org/wiki/Wikipedia:Verifiability - CecilWard (talk) 14:43, 13 August 2010 (UTC)