On 20.02.2013 21:03, Donald Stufft wrote: > On Wednesday, February 20, 2013 at 3:02 PM, Daniel Holth wrote: >> You know how to do S/MIME; how much harder would it be to use X.509 >> signatures as are supported with openssl and bundled GUI cert managers on >> all OSs? > > Signing tech doesn't really matter. I suspect societal and possibly legal > requirements > will make that choice over technical reasons.
Relying only on OpenSSL would have the great advantage of being able to all the verification/signing/key generation in Python. But it's missing an infrastructure to revoke keys, unless you also implement SSL key revocation mechanisms and have users get official paid/free SSL client certificates from certificate vendors that provide CRLs or support OTRS. At that point, the SSL infrastructure becomes just as difficult to deal with as GPG/PGP, so there isn't much to win both ways, IMO. You just have to deal with it... -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Feb 20 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
