Full Disclosure mailing list archives
Re: OpenPGP (GnuPG) vs. S/MIME
From: "Kurt Seifried" <listuser () seifried org>
Date: Fri, 27 Feb 2004 19:33:34 -0700
Folks. This topic has already been beaten to death. Simple fact is: PGP is hard for most people to use, and required third party software install. So it doesn't matter much if it's technically superior or not, it hasn't taken off yet and I don't think it ever will. The web of trust simply does not work in the real world for email between people who do not already have ties to each other. X.509 is also hard to use, and while more limited it is supported by default in most major mail applications. It does the job reasonably well. Both protocols have the same general problem, they make it VERY easy for the user to make mistakes or misinterpret what is going on. I went on a PGP signing binge a few years ago, no-one seemed to care, so I started tweaking my messages to make the signatures fail, no-one complained. I eventually gave up. I remember one case where SuSE sent out an advisory that wasn't signed properly, this mangled advisory was then propogated bu several security organizations including the German CERT. http://www.seifried.org/security/cryptography/crypto-book/chapter-08.html http://www.seifried.org/security/cryptography/20011108-breaking-trust-in-certs.html This thread is dead. It was dead when it was started. It was dead 3 years ago. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- OpenPGP (GnuPG) vs. S/MIME Ben Nelson (Feb 27)
- Re: OpenPGP (GnuPG) vs. S/MIME Tim (Feb 27)
- Re: OpenPGP (GnuPG) vs. S/MIME Kurt Seifried (Feb 27)
- A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Harry Hoffman (Feb 27)
- Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Troy Solo (Feb 27)
- Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) gadgeteer (Feb 27)
- Re: Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Roy M. Silvernail (Feb 28)
- Re: Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) gadgeteer (Feb 28)
- Re: OpenPGP (GnuPG) vs. S/MIME Kurt Seifried (Feb 27)
- Re: OpenPGP (GnuPG) vs. S/MIME Tim (Feb 27)
- Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Byron Copeland (Feb 27)
- Re: A new look at PGP (WAS: Re: OpenPGP (GnuPG) vs. S/MIME) Harry Hoffman (Feb 28)
- Re: OpenPGP (GnuPG) vs. S/MIME petard (Feb 28)