lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004301c3fda3$43209050$1400000a@bigdog>
From: listuser at seifried.org (Kurt Seifried)
Subject: OpenPGP (GnuPG) vs. S/MIME

Folks. This topic has already been beaten to death. Simple fact is:

PGP is hard for most people to use, and required third party software
install. So it doesn't matter much if it's technically superior or not, it
hasn't taken off yet and I don't think it ever will. The web of trust simply
does not work in the real world for email between people who do not already
have ties to each other.

X.509 is also hard to use, and while more limited it is supported by default
in most major mail applications. It does the job reasonably well.

Both protocols have the same general problem, they make it VERY easy for the
user to make mistakes or misinterpret what is going on.

I went on a PGP signing binge a few years ago, no-one seemed to care, so I
started tweaking my messages to make the signatures fail, no-one complained.
I eventually gave up.

I remember one case where SuSE sent out an advisory that wasn't signed
properly, this mangled advisory was then propogated bu several security
organizations including the German CERT.

http://www.seifried.org/security/cryptography/crypto-book/chapter-08.html

http://www.seifried.org/security/cryptography/20011108-breaking-trust-in-certs.html

This thread is dead. It was dead when it was started. It was dead 3 years
ago.

Kurt Seifried, kurt@...fried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ