| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: yossarian at planet.nl (yossarian) Subject: PGP vs. certificate from Verisign What I wonder - will Verisign have set up CRL servers yet? Remember the IE problem when someone got hold of MS certificates? The MS-fix was blacklisting them locally, the real problem was that there was no revocation servers. Then again, how many concurrent connections would they get if MS sent out a critical update? So - stick to PGP - forget about PKI. ----- Original Message ----- From: "Evans, TJ (BearingPoint)" <tjevans@...ringpoint.net> To: <full-disclosure@...ts.netsys.com> Sent: Friday, May 09, 2003 11:48 PM Subject: RE: [Full-Disclosure] PGP vs. certificate from Verisign > At one time, i.e. - don't know if it still the case - Thawte would issue a > "personal cert" free. > > One advantage PGP has is the existing infrastructure for key distribution, > so that you do not necessarily need to have someone's public key (yet) in > order to encrypt to them or verify their signature. If they have pushed it > out to the publicly accessible key-servers you can get it as needed. But > again - it depends on what problem you are trying to solve and your > preferred method of doing so. > > > TJ > -----Original Message----- > From: Anne Carasik [mailto:gator@...l.cacr.caltech.edu] > Sent: Friday, May 09, 2003 3:46 PM > To: Kamal Habayeb > Cc: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] PGP vs. certificate from Verisign > > OpenPGP is free :) as are other implementations of PGP. > > Paying VeriSign to create a digital certificate for you > is not worth it, considering most of the encryption you > run into in the wild is PGP keys. > > -Anne > > > Kamal Habayeb grabbed a keyboard and typed... > > Greetings, > > > > I'm trying to get some expert opinions on which is better. Using Outlook > > 2002, would it be better to use PGP to encrypt messages or use the > built-in > > option with a digital certificate from Verisign (or some other CA)? > > > > Thanks, > > > > Kamal > > > > **************************************************************************** ** > The information in this email is confidential and may be legally > privileged. Access to this email by anyone other than the > intended addressee is unauthorized. If you are not the intended > recipient of this message, any review, disclosure, copying, > distribution, retention, or any action taken or omitted to be taken > in reliance on it is prohibited and may be unlawful. If you are not > the intended recipient, please reply to or forward a copy of this > message to the sender and delete the message, any attachments, > and any copies thereof from your system. > **************************************************************************** ** > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists