nanog mailing list archives

Re: PGP kerserver infrastructure
From: Valdis.Kletnieks () vt edu
Date: Fri, 30 Jun 2000 11:13:25 -0400

On Fri, 30 Jun 2000 01:07:18 PDT, "Roeland M.J. Meyer" said:
> It is not an issue of right/wrong. Rather, it is an issue of what
> is most usable to the most people. SSL certs are certainly more
> usable to many. PGP works with ancient CLI mailers and older GUI
> mailers. All modern GUI mailers support X.509 keys for message

All modern GUI? Odd.. I didn't add X.509 to Exmh yet. ;)

Eudora 4.3, which certainly qualifies as "modern GUI" doesn't seem to
come with X.509 support, although it does come with a PGP plugin bundled.
If there *is* X.509 support, feel free to point it at me.

I know Netscape seems to support PKCS-7 signatures, and I'm unsure what
Outlook supports.

> encryption and even let you use the same cert for SSL protected
> POP3. PGP, OTOH, only encrypts the message body, this is why it's

Umm.. note that the message headers have to be in cleartext for the MTA
to be able to deal with them.  Sendmail 8.11 (currently in Beta) will
support TLS for the inter-MTA hop.  However, given that Sendmail has
between 70% and 90% of the MTA market, your *current* chances of doing
long-haul e-mail with encrypted headers are rather low.

Just because you use SSL for the MUA-to-MTA transmission does NOT mean that
you have a crypto-secure MUA-to-MUA connection.

> popularity is reducing. In addition, even you agree that an X.509

Popularity reducing? Didn't I just see where the keyservers are seeing
an additional 2,500 keys *per day*?  Given the 1M keys they say they
have currently, I work that out to 7.5% growth *PER MONTH*.  Not bad
for popularity reducing...

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech
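
Added example (not part of the original message): a Python check of the point above that TLS on the MUA-to-MTA hop says nothing about the later hops, and that headers stay readable to every relay even when the body is PGP-encrypted. The message, host names and addresses are constructed, and the MTAs are assumed to record the RFC 3848 "with" keywords (ESMTPS, ESMTPSA) in their Received: lines.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): three SMTP hops, PGP-encrypted body.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.20])
\tby mail.example.org with ESMTP id C3; Fri, 30 Jun 2000 11:13:40 -0400
Received: from smtp.example.com (smtp.example.com [192.0.2.10])
\tby mx.example.net with ESMTP id B2; Fri, 30 Jun 2000 11:13:32 -0400
Received: from laptop.example.com (laptop.example.com [192.0.2.5])
\tby smtp.example.com with ESMTPSA id A1; Fri, 30 Jun 2000 11:13:25 -0400
From: alice@example.com
To: bob@example.org
Subject: quarterly numbers

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
"""

# RFC 3848 "with" keywords that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def audit_hops(raw):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its Received: line, so reverse for chronological order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:  # unparseable trace line: report the hop as not protected
            hops.append(("?", "?", "?", False))
            continue
        sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper()
        hops.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return hops

def exposed_to_relays(raw):
    """What every relaying MTA can read even when the body is PGP-encrypted."""
    msg = message_from_string(raw)
    return {
        "headers": {k: msg[k] for k in ("From", "To", "Subject")},
        "body_encrypted": "-----BEGIN PGP MESSAGE-----" in msg.get_payload(),
    }

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print("%s -> %s via %s: %s" % (hop[0], hop[1], hop[2], "TLS" if hop[3] else "cleartext"))
    print(exposed_to_relays(SAMPLE))
```

Received: lines written by hops you do not operate can be forged, so treat this as evidence only for the part of the path your own MTAs recorded.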
