SSL and TLS have had a lot of security issues over the past 1-2 years. While these have been patched quickly, they have been very bad and have changed our view of and trust of the Internet. S/MIME is really just aspects of SSL/TLS applied to secure email messages (we looked at this previously). So …. can S/MIME be trusted? Does it suffer from the same vulnerabilities as SSL? Is S/MIME a good thing to use for secure email or should it be avoided with a 10-foot pole?
As we shall see, S/MIME is impervious to the majority the issues with SSL due to the fact that there is no real-time negotiation of cryptographic algorithms and there can be no man-in-the-middle.
Read the rest of this post »