On Wed, 9 Jan 2013 15:35, [email protected] said: > I started to use smime recently and besides its flaws I have to admit > that the key interchange is easier (most likely be more insecure)
With S/MIME you can send the keys because it is a centralized system and all trust comes the root certificate which has already need installed on the system. Actually sending the the certificate with the mail is required because there is no easy other way to retrieve a certificate. With OpenPGP we have it much easier and do not need to resort to that silliness of sending several K of certificates for a one liner. Sending the certificate is even bad because it implies that you never need to look out for revocations. The funny thing is that S/MIME looks online for revocations, but can't do so for certificates. Thus the argument of using a more secure offline connections is a bit flawed. BTW, if you are able to put the keyblock/certificate into the DNS, users have an easy way to get it. You may also configure your mail client to always attach the OpenPGP key, that makes it pretty clear and easy to send you (or Mallory) an encrypted reply. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
