>>> "Adam" == Adam Sjøgren <[email protected]> writes:
> Uwe writes:
>> Did you try once to convince computer how shall I say illiterate to
>> use encryption?
> I learned a long time ago not to try and impose my preferences on other
> computer users.
This is not about impose, this is about practical matter. Suppose you
want to interchange confidential information with someone outside the
GNU/emacs world and that person has very little computer knowledge. For
him/her pgp is a nightmare to install. Smime not.
>> operations S/MIME PGP
>> Inst of software no; included yes
> I think you have some hidden assumptions about what software is used
> here? Don't both S/MIME and PGP use external tools in Gnus?
I am speaking here about software in general, almost all mail programs,
thunderbird, evolution, kmail, outlook, whatever have smime support
>> Installation of plugin no; included yes
> Again, you must be assuming something about the software being used -
> Gnus has built in support for both, right?
Same comment.
>> generation of keypair no; ask for a yes
>> certificate
> This seems to be a negative for S/MIME: it is easy to generate a PGP
> key. How do you generate an S/MIME certificate?
It is not easy to generate a pgp for an illiterate, trust me. You can
generate a S/MIME certificate, but it will be self signed and therefore
useless, most clients would refuse a message from someone with a self
signed certificate. So you apply for certifcate which is signed by a
root authority, in one of the dozen services like commodo, they provide
with a class 1[1] certificate for one year.[2]
>> interchange of public simply send a sign yes interchange
>> keys message
> I have never received or sent an S/MIME message, so it's hard to judge
> this one. Does it mean that every S/MIME message includes the public key
> of the sender?
yes
> What prevents you from doing that with PGP-signed messages?
Again for most illiterate this is not obvious. For s/mime it is by design.
> I've set up Gnus/GnuPG to automatically fetch keys for every person I
> see a signature from, so there is nothing manual for me to do here.
Again this is not as trivial as you think. An my fetch you mean from a
keyserver where that person has uploaded his key I presume.
> Best regards,
> Adam
Footnotes:
[1] class 1 means only the email is verified not your identity. If you
want that you have to pay.
[2] this is of course the weak point of the whole model. If those
services are breached, the security breaks down or can break down.
_______________________________________________
info-gnus-english mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/info-gnus-english
