mailing list archives
Re: PGP kerserver infrastructure
From: Valdis.Kletnieks () vt edu
Date: Fri, 30 Jun 2000 11:13:25 -0400
On Fri, 30 Jun 2000 01:07:18 PDT, "Roeland M.J. Meyer" said:
It is not an issue of right/wrong. Rather, it is an issue of what
is most usable to the most people. SSL certs are certainly more
usable to many. PGP works with ancient CLI mailers and older GUI
mailers. All modern GUI mailers support X.509 keys for message
All modern GUI? Odd.. I didn't add X.509 to Exmh yet. ;)
Eudora 4.3, which certainly qualifies as "modern GUI" doesn't seem to
come with X.509 support, although it does come with a PGP plugin bundled.
If there *is* X.509 support, feel free to point it at me.
I know Netscape seems to support pcks-7 signatures, and I'm unsure what
encryption and even let you use the same cert for SSL protected
POP3. PGP, OTOH, only encrypts the message body, this is why it's
Umm.. note that the message headers have to be in cleartext for the MTA
to be able to deal with them. Sendmail 8.11 (currently in Beta) will
support TLS for the inter-MTA hop. However, given that Sendmail has
between 70% and 90% of the MTA market, your *current* chances of doing
long-haul e-mail with encrypted headers is rather low.
Just because you use SSL for the MUA-to-MTA transmission does NOT mean that
you have a crypto-secure MUA-to-MUA connection.
popularity is reducing. In addition, even you agree that an X.509
Popularity reducing? Didn't I just see where the keyservers are seeing
an additional 2,500 keys *per day*? Given the 1M keys they say they
have currently, I work that out to 7.5% growth *PER MONTH*. Not bad
for popularity reducing...
Operating Systems Analyst
RE: PGP kerserver infrastructure Roeland M.J. Meyer (Jun 30)
RE: PGP kerserver infrastructure Eric M. Carroll (Jun 30)
- Re: PGP kerserver infrastructure Valdis . Kletnieks (Jun 30)