On 09/02/2024 08:13, Marco Moock via mailop wrote:
> S/MIME exists and I really don't understand why banks and online shops
> don't consequently use it.

I'd guess it's because until recently, there were way bigger fish to fry. Now attention has been turned back towards it; the CA/B Forum S/MIME baseline was adopted just recently, making it possible to automate S/MIME certificate renewal (automation which we've come to realize is quite vital to avoid downtime).

Not to mention the relative complexity of implementing it on both sides. I discovered a major flaw in Apple Mail's S/MIME implementation, CVE-2023-40440 <https://blog.aegrel.ee/apple-mail-smime.html>. S/MIME by now is old enough that we've got a layer of cruft to remove before it's usable.

My hope is that at some point we would be able to do "BIMI" with just S/MIME signed mail. Seems like a good combination.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
