Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OpenPGP (GnuPG) vs. S/MIME

From: petard <petard () freeshell org>
Date: Sun, 29 Feb 2004 05:40:14 +0000
On Sat, Feb 28, 2004 at 06:36:46AM +0100, Simon Richter wrote:

"corporate" protocol, with a centralized trust structure. It would be no
problem to introduce centralized trust into an OpenPGP WOT (in fact, it
is being done, e.g. by German computer magazine c't, who offer an
OperPGP signing service and have their fingerprint in every issue), and
it would be no problem to introduce a WOT into S/MIME.


In fact, Thawte is doing just that, for free. Their freemail service
offers varying levels of assurance, from email-confirmed (i.e. they've
confirmed that the holder of a particular key controls an email address)
to vetted by multiple WOT "notaries". IMO the standards are more similar
than different.

For a "one-off" use of crypto, I'd suggest OpenPGP. For something you
wanted to maintain longer term, I'd suggest S/MIME, simply because IMO the
client support is superior as is the general infrastructure.

FWIW, though, cryptographically they're virtually identical. I'd say I
use each 50% of the time, depending on whom I correspond with. The
deciding factor for me is usually what my correspondant is savvy enough
to use.

regards,

petard

-- 
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: