[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] OpenPGP (GnuPG) vs. S/MIME
From:       petard <petard () freeshell ! org>
Date:       2004-02-29 5:40:14
Message-ID: 20040229054014.GA5623 () SDF ! LONESTAR ! ORG
[Download RAW message or body]

On Sat, Feb 28, 2004 at 06:36:46AM +0100, Simon Richter wrote:
> "corporate" protocol, with a centralized trust structure. It would be no
> problem to introduce centralized trust into an OpenPGP WOT (in fact, it
> is being done, e.g. by German computer magazine c't, who offer an
> OperPGP signing service and have their fingerprint in every issue), and
> it would be no problem to introduce a WOT into S/MIME.
> 
In fact, Thawte is doing just that, for free. Their freemail service
offers varying levels of assurance, from email-confirmed (i.e. they've
confirmed that the holder of a particular key controls an email address)
to vetted by multiple WOT "notaries". IMO the standards are more similar
than different.

For a "one-off" use of crypto, I'd suggest OpenPGP. For something you
wanted to maintain longer term, I'd suggest S/MIME, simply because IMO the
client support is superior as is the general infrastructure.

FWIW, though, cryptographically they're virtually identical. I'd say I
use each 50% of the time, depending on whom I correspond with. The
deciding factor for me is usually what my correspondant is savvy enough
to use.

regards,

petard

-- 
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]