On May 16, 2007, at 5:08 AM, Jim Berland wrote:

P.S.: I never came into contact with certificates like the ones from
Thawte or CACert.org before and I don't know anybody who uses them.
Considering the problems I see with GPG for this task, though, I
wonder if certificates would do the job better or easier. Is this even
the way other companies are going?


Conceptually there isn't anything really different between X.509 certificates and PGP keys with regard to encrypting email, other than the trust models typically employed by each.

In the certificate model, one's certificate is issued by an implicitly trusted third party. The root certificates are pre-installed by the operating system or software vendors and they just work. Most email clients make using them quite simple.

PGP supports the rooted trust model, but it also supports other models. Typically, although not exclusively, PGP uses the web of trust, where you must exchange keys ahead of time and cross-sign them to establish explicit trust.

In practice, however, I can get non-technical people using certificates in a lot less time than it takes to get them using PGP. On the other hand, if you are encrypting files to be distributed via HTTP or FTP, I find PGP a lot easier to work with than certificates.

In reality the two technologies are almost identical, but the end-user tools need a lot of work to truly blur the current artificial distinction.


_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
