ietf
[Top] [All Lists]

Re: pgp signing in van

2013-09-06 08:19:08
Dave:

is pgp compromised?

PGP is a packaging method.  Absent grossly incompetent packaging -- and I've 
never heard claims that PGP or S/MIME were guilty of that -- my sense is that 
the interesting security mechanisms are the underlying algorithms.

Is there something about PGP that creates different exposures than S/MIME, in 
terms of those algorithms?  (Key management has obvious differences, of 
course.)

The biggest difference is PKI vs. web of trust.  You do not need a key signing 
event for a PKI -- you have already decided (or a vendor decided for you) to 
trust the Certificate Authority.

Russ


<Prev in Thread] Current Thread [Next in Thread>