ietf
[Top] [All Lists]

Re: not really pgp signing in van

2013-09-09 20:28:48
> Yes, and no.  PGP and S/MIME each have their own key distribution
> problems.  With PGP, it's easy to invent a key, and hard to get other
> people's software to trust it.  With S/MIME it's harder to get a key,
> but once you have one, the software is all happy.

That's a bug, not a feature.   The PGP key is almost certainly more trust=
worthy than the S/MIME key.

Um, didn't this start out as a discussion about how we should try to get
people using crypto, rather than demanding perfection that will never
happen?  Typical S/MIME keys are issued by CAs that verify them by
sending you mail with a link.  While it is easy to imagine ways that
could be subverted, in practice I've never seen it.

> The MUAs I use (Thunderbird, Alpine, Evolution) support S/MIME a lot
> better than they support PGP.  There's typically a one key command or
> a button to turn signing and encryption on and off, and they all
> automagically import the certs from on incoming mail.

Yup. That's also a bug, not a feature. I was just wondering why that is. The only implementation I've seen a reference to is Sylpheed, which is not widely used

Same issue.  I can send signed mail to a buttload more people with
S/MIME than I can with PGP, because I have their keys in my MUA.
Hypothetically, one of them might be bogus.  Realistically, they aren't.

R's,
John

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

<Prev in Thread] Current Thread [Next in Thread>