Comments on: Gmail S/MIME http://agilityloop.com/2009/04/16/gmail-smime/ The musings of the agile on the world of tech and government Thu, 26 Aug 2010 19:39:39 +0000 hourly 1 http://wordpress.com/ By: Peter Hesse http://agilityloop.com/2009/04/16/gmail-smime/#comment-4 Peter Hesse Fri, 17 Apr 2009 13:45:57 +0000 http://agilityloop.wordpress.com/?p=11#comment-4 Kevin, thanks for the link and glad you enjoy the blog. Tim, the biggest problem with encryption/signatures in webmail apps is the fact that the webmail provider generally can't/shouldn't be trusted with your private key, or even the secured message. At a minimum, you need some interaction between a private key held on the client side (or through secure network storage) and the email message. It really shouldn't be hard, and I would be more than happy to help any of the big webmail providers integrate it. The webmail provider would need to understand and process the S/MIME, and just call back to the holder of the private key when the signature or decryption is necessary. Microsoft's Outlook Web Access has supported since Exchange 2007. However that's not a general-purpose webmail provider, but is a web-based email application. Kevin, thanks for the link and glad you enjoy the blog.

Tim, the biggest problem with encryption/signatures in webmail apps is the fact that the webmail provider generally can’t/shouldn’t be trusted with your private key, or even the secured message. At a minimum, you need some interaction between a private key held on the client side (or through secure network storage) and the email message.

It really shouldn’t be hard, and I would be more than happy to help any of the big webmail providers integrate it. The webmail provider would need to understand and process the S/MIME, and just call back to the holder of the private key when the signature or decryption is necessary.

Microsoft’s Outlook Web Access has supported since Exchange 2007. However that’s not a general-purpose webmail provider, but is a web-based email application.

]]> By: tim http://agilityloop.com/2009/04/16/gmail-smime/#comment-3 tim Fri, 17 Apr 2009 03:15:47 +0000 http://agilityloop.wordpress.com/?p=11#comment-3 I'd like to talk to a programmer, or maybe just do a little googling, to find out why it's difficult to add signatures and encryption to webmail apps. doesn't seem like it should be that hard. and if it's in fact not difficult to do, why the delay in adoption? this was a killer on my last PKI project...end users all used webmail (hotmail, yahoo, etc) and couldn't digitally sign messages such as revocation and renewal requests, which resulted in a ton of help desk support being required. I’d like to talk to a programmer, or maybe just do a little googling, to find out why it’s difficult to add signatures and encryption to webmail apps. doesn’t seem like it should be that hard. and if it’s in fact not difficult to do, why the delay in adoption? this was a killer on my last PKI project…end users all used webmail (hotmail, yahoo, etc) and couldn’t digitally sign messages such as revocation and renewal requests, which resulted in a ton of help desk support being required.

]]>