Mastodon Mastodon Mastodon Systeemkabouter blog – Letting go of S/MIME on my e-mail accounts

Letting go of S/MIME on my e-mail accounts

Posted on vr 21 juni 2024 in communication

So I think I've sent mail using S/MIME signatures from both my personal and my business account for about ten years, come to think of it. As much as e-mail is only used in a small percentage of actual personal communications, no-one I communicated with has ever openly appreciated or even acknowledged the fact that my S/MIME signatures provided additional security. Let alone that someone used the configured S/MIME certificate to send actual encrypted mail.

Keeping the certificates valid and updated on different devices costs some money and effort. This money and effort will be used for different purposes from now on. The certificate on my personal email account is still valid for two years, so I may or may not use that to sign e-mails until it expires.

If the need to encrypt or sign e-mail would come up, there is still GnuPG to sign and encrypt e-mail (and signal to everyone that you are, indeed, a total Nerd)

What I liked about S/MIME is that signed e-mail was/is supported in major clients like Outlook and Apple Mail, without the end user needing to configure anything to see/check a mail was signed. A benefit that GnuGP signed mail would lack.