undefined | Better HN

story

0 pointsunsignedint10y ago0 comments

Probably it's "S/MIME has very little adoption, outside of the corporate / enterprise market.."

Getting keys sign by CA is just as bad (or even worse -- you have to generate and then have that key signed by CA) than generating a key on OpenPGP scheme, and then there's the issue of cost. (Although I've seen some free ones out there.)

0 comments

rmoriz10y ago

No, it's not. WoSign, StartSSL and iirc Comodo create the private key in your browser. This functionality is afaik around since Netscape's first SSL-enabled browser and originally intended for client-side-certificates. Today it's implemened using the <keygen> tag [0].

This usually means, that you press a button in your browser, the Browser generates public+private key, stores them in your Keychain (OSX for example), sends the public key to the CA and the CA mails you the certificate.

It's really done in seconds and for Mail.app or iOS mail you just need to enable S/MIME and sign/encrypt. There are many tutorials out there for various MUA. Except of Android nearly every popular MUA can speak S/MIME including Outlook, Thunderbird… [1] and many tutorials are out there [2].

[0] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/ke...

[1] https://gist.github.com/rmoriz/5945400#file-1_smime-clients-...

[2] http://kb.mozillazine.org/Getting_an_SMIME_certificate