S/MIME Makes It Into Apple Mail

By far the coolest, most righteous, and totally awesome feature in Mac OS X 10.3 is the introduction of S/MIME functionality in Apple Mail. OK, maybe that’s just cool to me and a few other security geeks, but nevertheless this is a long overdue feature and an important advance towards more secure communications on the Mac platform. With this functionality, users can finally authenticate and encrypt using standard X.509-based certificates.

So for a brief lowdown on why I even give such a big whoop about the issue: I have worked as webmaster for several companies that specialize in this technology, notably Xcert, then briefly at RSA Security which bought out Xcert, then Certicom, and am just now doing some after-hours consulting for Kyberpass in what little spare time I have. Basically, I love this stuff…

And now for a brief overview of why you as an email user should care: Email is basically a very non-secure way of communicating. Your email is sent in plaintext from your computer through the internet, passing through several servers along the way to its intended destination, where it might easily be intercepted and read. If you are casually sending information such as personal financial info to your accountant, user IDs and passwords to partners, or just sending naughty messages to your spouse as I do, then you are risking having that information read by a 3rd party. It is also possible that someone might impersonate another in order to deceive the recipient. The best technology for preventing these security compromises is “public key” authentication and encryption.

There are two common ways to achieve public key authentication and encryption. Most common is the use of the most excellent PGP, where trust can be achieved using a peer-to-peer model. S/MIME is the other option, and this protocol uses the X.509 standard, which is the same standard used to secure web servers that use SSL. With S/MIME, trust of someone’s identity is passed from an already-trusted certificate authority (CA) such as Verisign or Thawte. If someone’s identity is valid against one of these CAs, you will get a positive confirmation of identity from your email program and will be able to decrypt any messages from them. If someone’s identity has expired or is invalid, your email program will kick back a warning and probably refuse to decrypt the message.
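The trust decision described above can be reproduced with the `openssl` command line. This is an added example, not part of the original post; it assumes `openssl` is installed, and the CA names, the subject `alice` and the message are constructed for the demo, with no real CA involved:

```shell
# Added example: throwaway CAs, keys and message, all constructed for this demo.
set -eu
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cat > "$work/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
[mail_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = emailProtection
EOF

# make_ca NAME: self-signed root standing in for a CA the mail client trusts (or not)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$work/demo.cnf" \
    -extensions ca_ext -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue_cert NAME CA: e-mail signing certificate for NAME, valid 30 days, signed by CA
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$work/demo.cnf" \
    -subj "/CN=$1" -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  openssl x509 -req -in "$work/$1.csr" -CA "$work/$2.pem" -CAkey "$work/$2.key" \
    -set_serial 1 -days 30 -extfile "$work/demo.cnf" -extensions mail_ext \
    -out "$work/$1.pem" 2>/dev/null
}

# verify_msg CA [verify options]: exit 0 only if the signer's cert chains to CA
verify_msg() {
  ca=$1; shift
  openssl smime -verify -in "$work/signed.eml" -CAfile "$work/$ca.pem" "$@" >/dev/null 2>&1
}

make_ca trusted-ca; make_ca unknown-ca
issue_cert alice trusted-ca
printf 'Quarterly numbers attached.\n' > "$work/msg.txt"
openssl smime -sign -in "$work/msg.txt" -signer "$work/alice.pem" \
  -inkey "$work/alice.key" -out "$work/signed.eml" 2>/dev/null
expired_at=$(( $(date +%s) + 90 * 86400 ))   # 60 days past the certificates' notAfter

verify_msg trusted-ca && echo "trusted CA: signature accepted"
verify_msg unknown-ca || echo "unknown CA: rejected"
verify_msg trusted-ca -attime "$expired_at" || echo "after expiry: rejected"
```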

Common email clients include Netscape 4.x and Mozilla 1.x on all platforms, Outlook and Outlook Express for Windows, Lotus Notes R5, and now Apple’s Mail on the Panther platform. With your identity certificate installed, you would be able to send authenticated and encrypted messages to users on any of these email clients.

Setting this up is still a bit tricky, though. There’s little documentation in Apple’s Help docs. There is a decent starter article on Apple’s support website, but it still doesn’t explain all the steps, because the online certificate acquisition process is not fully supported in Safari yet. In my next post, I’ll explain how to get a free certificate from Thawte using Mozilla and how you can use it in Apple Mail on Panther.

Confessions of a Mac user on Windows

This is the end of my first week working on a Windows XP workstation. Some good, some bad. Well mostly I’ve just been having affirmations of why I am a Mac user – I’ve been searching for the genius and the elegance in Windows XP and I guess I just haven’t found it yet.

Why does Microsoft insist on making the preference panels for Outlook so cryptic? Choices for Options and Customize in an illogical menu placement, and you have to drill down through multiple dialog boxes just to edit basic features. The way Outlook wraps text and quotes messages is really horrific.

Installing applications is proving to be less idiot-proof than one would hope. Had two installs fail yesterday without any informative warning, although documentation led me to believe that there was something wrong with my .NET installation. But as far as my installation knows, it thinks .NET is up to date and just dandy.

I do like how the Integrated Workspace works on Dreamweaver. Macromedia did a very good job of organizing this and keeping things neat and usable. The Integrated Workspace paradigm contrasts greatly with the floating panel paradigm on Mac; you do lose a lot of possible functionality with multiple program windows being available that you enjoy on Mac. But the Integrated Workspace is easy to use on its own merits and I like it so far.

Color on Photoshop is just way off. I need to mess around with the monitor calibration to fix it some more. Stuff that should be aqua blue looks like more of an algae green.

My god – one thing I am going to miss that I had really been accustomed to on Mac: using keystrokes to enter extended characters such as em-dash and copyright symbols. This is going to be a pain in the butt when doing typography.

MSIE 6 for Windows should be considered an embarrassment on Microsoft’s part. This browser has so many quirks and usability issues, and you would think that it would have gotten better by now. I mean, I’ve always tested things on MSIE 6, but I’ve never had to live with it. At least it renders standards-compliant sites well. Here’s to hoping that MSIE 7, if they ever make it, will have some of these bugs worked out.

I just finished installing Mac OS X 10.3 on my new PowerBook. The contrast between the Mac’s ease of use and refined elegance and XP’s lack thereof is a lot more apparent than I was expecting. After hearing all the XP hype, I expected more. I feel like XP is just a slapped-together patchwork of technologies that work the way they were intended most of the time, but all too often they fail, and it still hasn’t progressed as far as I think it should have beyond its 2000/NT predecessors.

I love working in San Francisco, but…

…where do all these freaks come from? My god – I saw this one beautiful specimen arise from the bushes in his pajamas, scratch himself, yawn, belch, and walk off as if he was just getting out of bed. But this was of course 5 in the afternoon. And then there was the freak in the Foot Locker shoe store who was rubbing up against people all freaky like, and everyone pretended the psycho just wasn’t there. And finally the guy that got on the bus and promptly began a steady percussion of flatulence as he graced himself down the aisle drinking his 40 ounce malt beverage ingeniously concealed in an everyday plain brown paper bag, as if no-one would suspect a thing…

XP Experiences

At my new gig, I’ve been using Windows XP. I am not impressed with this OS. I suppose I’ll give it a few more days before I give it final judgement, but all the things I’ve come to take for granted on Mac OS X such as ease of use, seamless operations, logic, stability, usability, etc. are just not nearly as good as I had expected from all the XP hype I have been saturated with. There is a serious amount of crap-ola on XP, stuff is broken, bizarre error messages come from out of nowhere, and at least one instance of my profile being completely lost. Grrrr…. More later…