Re: PGP vs. certificate from Verisign

[Steve Poirot <poirotsj () gci net>]

Thawte does still issue free email certificates.  You can have your name 
rather than your email address
as the CN if you have roughly three Thawte Notaries verify your id.  The 
number of notaries required
depends on how many points the particular notaries are allowed to issue. 
The Thawte site has a way
to look up notaries in your area.

Does anyone know if there is a way to use S/MIME with AOL?  I am not an 
AOL user, but I searched
there site and couldn't find anything about security, let alone S/MIME. 
If they really don't support S/MIME,
PGP would be the way to go if you need to have regular 
(signed/encrypted) correspondence with AOL users.

Steve Poirot

Evans, TJ (BearingPoint) wrote:

> At one time, i.e. - don't know if it still the case - Thawte would issue a
> "personal cert" free.  
>
> One advantage PGP has is the existing infrastructure for key distribution,
> so that you do not necessarily need to have someone's public key (yet) in
> order to encrypt to them or verify their signature.  If they have pushed it
> out to the publicly accessible key-servers you can get it as needed.  But
> again - it depends on what problem you are trying to solve and your
> preferred method of doing so.
>
>
> TJ
> -----Original Message-----
> From: Anne Carasik [mailto:gator () mail cacr caltech edu] 
> Sent: Friday, May 09, 2003 3:46 PM
> To: Kamal Habayeb
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] PGP vs. certificate from Verisign
>
> OpenPGP is free :) as are other implementations of PGP.
>
> Paying VeriSign to create a digital certificate for you
> is not worth it, considering most of the encryption you
> run into in the wild is PGP keys.
>
> -Anne
>
>
> Kamal Habayeb grabbed a keyboard and typed...
>  
>
> > Greetings,
> >
> > I'm trying to get some expert opinions on which is better.  Using Outlook
> > 2002, would it be better to use PGP to encrypt messages or use the
> >    
> built-in
>  
>
> > option with a digital certificate from Verisign (or some other CA)?
> >
> > Thanks,
> >
> > Kamal
> >    
>
>
>
> ******************************************************************************
> The information in this email is confidential and may be legally 
> privileged.  Access to this email by anyone other than the 
> intended addressee is unauthorized.  If you are not the intended 
> recipient of this message, any review, disclosure, copying, 
> distribution, retention, or any action taken or omitted to be taken 
> in reliance on it is prohibited and may be unlawful.  If you are not 
> the intended recipient, please reply to or forward a copy of this 
> message to the sender and delete the message, any attachments, 
> and any copies thereof from your system.
> ******************************************************************************
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>