| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040229054014.GA5623@SDF.LONESTAR.ORG> From: petard at freeshell.org (petard) Subject: OpenPGP (GnuPG) vs. S/MIME On Sat, Feb 28, 2004 at 06:36:46AM +0100, Simon Richter wrote: > "corporate" protocol, with a centralized trust structure. It would be no > problem to introduce centralized trust into an OpenPGP WOT (in fact, it > is being done, e.g. by German computer magazine c't, who offer an > OperPGP signing service and have their fingerprint in every issue), and > it would be no problem to introduce a WOT into S/MIME. > In fact, Thawte is doing just that, for free. Their freemail service offers varying levels of assurance, from email-confirmed (i.e. they've confirmed that the holder of a particular key controls an email address) to vetted by multiple WOT "notaries". IMO the standards are more similar than different. For a "one-off" use of crypto, I'd suggest OpenPGP. For something you wanted to maintain longer term, I'd suggest S/MIME, simply because IMO the client support is superior as is the general infrastructure. FWIW, though, cryptographically they're virtually identical. I'd say I use each 50% of the time, depending on whom I correspond with. The deciding factor for me is usually what my correspondant is savvy enough to use. regards, petard -- If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
Powered by blists - more mailing lists