On 11/27/18 3:47 PM, Alice Wonder wrote: > I actually went for a more complex scenario, I've created my own CA > complete with CRL. OK. That means fewer certificates for your peers to install over time, but is otherwise no better than self-signed. > It's nice because with S/MIME you really want two certs - one for > signing (where ecdsa can be used) and one for when you need to receive > encrypted. IIRC, an S/MIME client should be able to install your public cert and encrypt messages sent to you with no user interaction. With Thunderbird, if I reply to a signed message, I can encrypt the reply. From a usability standpoint, I really want to have just one certificate. The easier it is to send me encrypted messages, the more likely it is that messages will be secure. > Web browsers are applications that exist for the explicit purpose of > downloading and executing untrusted code. It does not seem like that > is a very wise environment to use for generating long term > cryptography keys. It really doesn't. On the other hand, if you don't trust your browser's cryptography implementation, you definitely should not be using your browser for secure communication (https).