How to forge an S/MIME signature
Jon Udell: How to forge an S/MIME signature
Uh Oh. This is an interesting article. I think the issue is as much with how the certificate is issued and managed as it is with the protocol.
I don't think individual certificates is a good idea in the first place. Corporations should install and configure a PKI and link it to e-mail.
Individuals aren't keen to pay for a private key and most don't know what to do with it even if they get one, which is where the problem Udell describes in this article originates.
<< Home