nanog mailing list archives

RE: PGP keyserver infrastructure


From: "Roeland M.J. Meyer" <rmeyer () mhsc com>
Date: Fri, 30 Jun 2000 01:07:18 -0700


From: Albert Levi: Thursday, June 29, 2000 7:35 PM

"Roeland M.J. Meyer" wrote:

Most modern mailers support X.509 certs for encryption. PGP is
considered, by many, to be the older technology. Building PKI
around X.509 is much easier and meets actual existing standards.

Well, X.509 is as old as PGP (rf. PEM which was X.509 based). I
agree that X.509 based PKIs are easier to build, but easiness does
not mean usability. The trust structures embedded in X.509 certs
are not acceptable for a large number of PGP users.

I think the large number of PGP users and the current growth rate
determine whether it is old or not. Maybe it is not the
"standard", but that many PGP users could not be wrong!

It is not an issue of right/wrong. Rather, it is an issue of what
is most usable to the most people. SSL certs are certainly more
usable to many. PGP works with ancient CLI mailers and older GUI
mailers. All modern GUI mailers support X.509 keys for message
encryption and even let you use the same cert for SSL protected
POP3. PGP, OTOH, only encrypts the message body; this is why its
popularity is reducing. In addition, even you agree that an X.509
PKI is easier to build. Maybe because of the reasons I give here.



