ietf-smime

Difference between SMIME and PGP

1998-11-04 09:33:54
Hello out there,

I am struggling with the difference between SMIME and PGP. One of my customers
wants to make the decision between using SMIME and PGP. I have already been
talking with them but we got stuck in details.

Basically it's quite clear. SMIME will be supported by all important industry
leaders such as Netscape, Microsoft, Novell etc. Further, SMIME supports the
hierarchical trust model and PGP only supports the "web of trust" model. Now
with PGP Version 6.0, PGP will also support X.509 certificates. Those can also
be loaded into a PGP client just as an SMIME client can do it.
So where is the difference now? Is it just the fact that the industry decided to
go with SMIME, or are there more differences (advantages for SMIME) when looking
more closely?
For instance, using RSA public key encryption versus Diffie-Hellman public key
encryption. How about the Digital Signature Standard (DSS)? I have read about DSS and
understand that DSS is the standard that provides the Digital Signature
Algorithm. Before applying it, a digest has to be calculated using SHA. I
always thought that calculating the digest would be the signature already!! So
why use the DSA in addition? Will the digest be decrypted using the Diffie-
Hellman private key? Users that apply Diffie-Hellman exchange their public values
in order to derive a secret key that will be known on both parties' sides. Is that
secret key the private key used to encrypt message digests, or is the private key
generated by the DSA algorithm?
In PGP there further exist key rings that contain the public keys of other users? How
does that work with X.509 certificates that actually contain the public key? If
a public key has to be revoked, it happens in the key ring. Would it be
possible to export that revoked certificate? If not, the revoked public key would
reside only locally.
Are there any differences/advantages between RSA and Diffie-Hellman?

You see I am very confused right now and I have the feeling that all my security
theories won't match those used in PGP.

I really would appreciate it if there were someone to help me remove all
that dust from my mind...

Thank you in advance
Stefan
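An added example, not part of Stefan's post or of any reply in the thread, that walks through the two separate DSS steps he asks about (the SHA digest, then the DSA signature over it) and a Diffie-Hellman exchange beside it, so the roles of the digest, the DSA private key and the DH shared secret can be seen in the arithmetic. The parameters p = 607, q = 101 and g = 64 are toy values constructed here so the numbers stay readable; real DSS uses primes of 1024 bits and more.

```python
import hashlib
import secrets

# Toy DSA/DH parameters, constructed for illustration only (real DSS uses
# p of 1024+ bits): q divides p - 1 and g = 2^((p-1)/q) mod p has order q.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)  # 64

def digest_mod_q(message):
    """Step 1 of DSS: SHA digest of the message, reduced mod q. Anyone can
    compute this, so on its own it proves nothing about who sent the message."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % Q

def dsa_keygen():
    """DSA private key x is a random exponent; public key y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def dsa_sign(x, message):
    """Step 2 of DSS: bind the digest to private key x (textbook DSA)."""
    h = digest_mod_q(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1          # fresh per-signature nonce
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (h + x * r) % Q
        if r and s:
            return r, s

def dsa_verify(y, message, sig):
    """Check (r, s) against the public key y and a freshly recomputed digest."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = digest_mod_q(message) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def dh_shared_secret():
    """Diffie-Hellman: each side keeps a secret exponent, exchanges g^a and
    g^b, and derives the same value. This is symmetric key material for
    encrypting the message; it is not the DSA signing key."""
    a, b = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    A, B = pow(G, a, P), pow(G, b, P)        # public values sent over the wire
    return pow(B, a, P), pow(A, b, P)        # Alice's view, Bob's view

if __name__ == "__main__":
    x, y = dsa_keygen()
    msg = b"constructed sample message"
    sig = dsa_sign(x, msg)
    print("valid:", dsa_verify(y, msg, sig), "tampered:", dsa_verify(y, msg + b"!", sig))
    print("DH views agree:", dh_shared_secret())
```

With q = 101 two messages collide mod q about once in a hundred times, which is the toy size showing through, not a property of real DSS.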
