[nycbug-talk] Root certificates on OS X...

Bob Ippolito bob
Sun Jul 25 12:33:35 EDT 2004


On Jul 25, 2004, at 11:20 AM, Trish Lynch wrote:

> On Sun, 25 Jul 2004, Bob Ippolito wrote:
>
>> S/MIME, the specification used by CACert, Thawte, etc. and supported in
>> stock configurations of popular email clients such as Mail.app, is
>> definitely *NOT* GPG.  Completely different stuff.  GPG is for rings of
>> trust, S/MIME is more centralized.  Personally I don't think that GPG
>> really has a chance because S/MIME is already so widely adopted, and
>> PGP/GPG is well, not.  Probably because PGP is proprietary software and
>> GPG is GPL, where S/MIME takes advantage of the machinery that's
>> already in OpenSSL and other frameworks that people were already using
>> for other things (like encrypted IMAP, POP3, SMTP, HTTP) so licensing
>> isn't really an issue.
>>
>
> I would actually have to disagree, IMO, S/MIME is unwieldy and a pain in
> the arse, while PGP/GPG and all its tools for us unix folks have been
> around a long time. It's also not hard to get Outlook, Pegasus, or Eudora
> users to use PGP.

I've had much better luck getting people with clients like those on 
S/MIME than PGP.

> I see more people signing their email with PGP/GPG than anything else. I
> get on average about 10 out of every hundred emails with a verifiable
> OpenPGP signature on it. I don't see that with S/MIME at all.

I see more S/MIME than PGP/GPG.  Different people, I guess.  My mails 
are signed with S/MIME w/ a CAcert certificate, though I did use Thawte 
for a while.

> S/MIME was widely adopted in the clients, and rarely used because of the
> time it takes to get a cert signed by VeriSign and/or Thawte. With PGP, I
> create a key and have others verify in a ring of trust... I have a pretty
> reasonable assumption that all the keys I have imported are verified to be
> the user by other people who have also been verified, by people that I
> have usually met in person and know well. It's much easier for me to use
> OpenPGP than S/MIME.

Getting a cert from Thawte or CAcert is painless, it just doesn't have 
your name on it until you do the web of trust thing and get verified by 
a real person.

-bob


