Home page logo

nanog logo nanog mailing list archives

RE: PGP kerserver infrastructure
From: "Roeland M.J. Meyer" <rmeyer () mhsc com>
Date: Fri, 30 Jun 2000 01:07:18 -0700

From: Albert Levi: Thursday, June 29, 2000 7:35 PM

"Roeland M.J. Meyer" wrote:

Most modern mailers support X.509 certs for encryption. PGP
considerd, by many, to be the older technology. Building PKI
around X.509 is much easier and meets actual existing

Well, X.509 is as old as PGP (rf. PEM which was X.509 based). I
that X.509 based PKIs are easier to built, but easiness does
not mean
usability. The trust structures embedded in X.509 certs are not
acceptable for a large number of PGP users.

I think the large number of PGP users and the current grow rate
determine whether it is old or not. Maybe it is not the
"standard", but
that many PGP users could not be wrong !

It is not an issue of right/wrong. Rather, it is an issue of what
is most usable to the most people. SSL certs are certainly more
usable to many. PGP works with ancient CLI mailers and older GUI
mailers. All modern GUI mailers support X.509 keys for message
encryption and even let you use the same cert for SSL protected
POP3. PGP, OTOH, only encrypts the message body, this is why it's
popularity is reducing. In addition, even you agree that an X.509
PKI is easier to build. Maybe because of the reasons I give here.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]