lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <403FC36E.2010308@venom600.org>
From: lists at venom600.org (Ben Nelson)
Subject: OpenPGP (GnuPG) vs. S/MIME

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'd like to open a discussion about PGP vs. S/MIME .

I've been pondering secure (or at least verifiable) mail lately and I
see these two standards as the main options available at this point.

It seems to me that PGP is the better of the two options because:
- - cryptographically, it appears more secure (i.e. larger public key
sizes possible)
- - it seems to be more widely used
- - it is easier to use (debateable)
- - its free
- - PGP in general is more flexible

I've read a bit of information comparing the two, but it is all pretty
old (mostly pre-2000).  So, I may be operating under some false assumptions.

Also, since PGP seems to be in wider use, why do fewer MUA's support it
out of the box?  To add PGP support to many of the more common MUA's in
use, a 3rd party application needs to be used.  While S/MIME support
seems to be included into a lot of common MUA's.  Is this because of
licensing issues with commercial PGP?  Or is including S/MIME support
just easier, so developers include it out of convenience.

Thoughts?

- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAP8Nu3cL8qXKvzcwRAg8/AKC2Zjb0sx18iS1un5xbRc/QK2qNDACgq5rG
X/yTyupNhwe8ShhkJU1Tp38=
=WpF2
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ