Alon Bar-Lev wrote:
> When PGP was invented there WAS NO standard to send and receive signed
> and encrypted messages, so PGP has implemented a proprietary method.
> Then, PGP tried to propose it as a standard... OpenPGP... But they have
> failed... It was not widely adopted...
> S/MIME was the standard adopted by the world, and PGP and gpg had to
> catch up.
> I think one should learn from history and not invent any new standard,
> especially when such already exists, implemented and adopted.

You are wrong in this regard: PGP is widely adopted (and what is your
definition of "the world"?). And it makes perfect sense to have both
worlds. OpenPGP offers a completely different trust model which suits
the needs of some users very well (you can establish a web of trust
with anyone without overhead) while S/MIME (or better: X.509) uses a
centralized, CA-based model. For some applications I would never trust
a commercial certification authority, so in X.509 you have to operate
your own CA...

Both S/MIME and OpenPGP are standards (S/MIME v.1 was more or less
proprietary stuff), you might have a look at the according IETF
working groups (http://www.ietf.org/).

>>>> I don't mean to write another agent. Write a pkcs#11 driver which
>>>> uses gpg-agent as its token.
>>> This is the WRONG WRONG WRONG approach!!!!!!!
>> Why? The _only_ purpose of gpg-agent is to ask you for a password and to
>> keep that password in memory. You could use gpg-agent for _any_
>> application that requires a password.
>
> No... the purpose of gpg-agent is to allow gpg to access private
> (secret) keys that are located in different physical locations such as
> smartcards...
> From my point of view this is THE MAJOR feature of gpg-agent...

Well, you might have a look at KMail, which uses all the GPG 1.9
stuff. I was impressed by having a key manager, a smart card daemon
and the easy interface of gpg-agent. This framework does far more
than any PKCS11-implementation: For example it is able to handle
revocation lists and OCSP-queries. This enables applications to
use S/MIME without re-inventing the wheel.

So please be fair: Both S/MIME and PGP have their advantages and
disadvantages. And GPG seems to be on the way to be able to handle
both. This sounds like a good idea to me.

Cheers, Olaf

-- 
Dipl.Inform. Olaf Gellert            PRESECURE (R)
Senior Researcher,                   Consulting GmbH
Phone: (+49) 0700 / PRESECURE        [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
