lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: petard at freeshell.org (petard)
Subject: OpenPGP (GnuPG) vs. S/MIME

On Sat, Feb 28, 2004 at 06:36:46AM +0100, Simon Richter wrote:
> "corporate" protocol, with a centralized trust structure. It would be no
> problem to introduce centralized trust into an OpenPGP WOT (in fact, it
> is being done, e.g. by German computer magazine c't, who offer an
> OperPGP signing service and have their fingerprint in every issue), and
> it would be no problem to introduce a WOT into S/MIME.
> 
In fact, Thawte is doing just that, for free. Their freemail service
offers varying levels of assurance, from email-confirmed (i.e. they've
confirmed that the holder of a particular key controls an email address)
to vetted by multiple WOT "notaries". IMO the standards are more similar
than different.

For a "one-off" use of crypto, I'd suggest OpenPGP. For something you
wanted to maintain longer term, I'd suggest S/MIME, simply because IMO the
client support is superior as is the general infrastructure.

FWIW, though, cryptographically they're virtually identical. I'd say I
use each 50% of the time, depending on whom I correspond with. The
deciding factor for me is usually what my correspondant is savvy enough
to use.

regards,

petard

-- 
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.


Powered by blists - more mailing lists