On Mon, 2008-05-05 at 13:54 -0600, Brandon Stout wrote:
> Are there compatibility problems between Thawte and OpenPGP? I can see
> signed mail coming from one person's Apple Mail signed with a Thawte
> sig, but the person using Apple Mail doesn't get my signature when I
> send with Thunderbird using my OpenPGP signature.

Can. Of. Worms.

S/MIME and PGP are two completely different PKIs (okay, someone can argue that PGP isn't a PKI). Different formats, different algorithms (some the same I'm sure), different trust models, different user bases. S/MIME is generally supported by commercial email clients. PGP is generally supported by open source email clients. Some clients support both and most can support both with added plugins.

Even if this user had been able to see your signature they would not be able to trust it unless they had been initiated into the PGP world. This is, if you haven't already guessed, the main (perhaps only) problem with the PGP trust model. The S/MIME trust model is the SSL trust model. A select few organizations (Thawte is one) are assumed to be trusted and they assert trust in their clients.

Actually there's some overlap in the trust models. You can have your PGP key signed by keyserver.pgp.com (in which case they're the assumed trust org) and to get your name on a Thawte certificate you have to get your identity asserted by someone in their web of trust.

If anyone decides they'd like a Thawte certificate I and a few colleagues at Novell can assert your identity. Email me off-list.
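An added example, not part of the original message: the "different formats" point is visible in the MIME headers alone, so a saved message can be checked to see which signature type it actually carries. The function names and the sample messages below are constructed for illustration.

```python
import email

PGP_PROTO = "application/pgp-signature"                      # PGP/MIME, RFC 3156
SMIME_PROTOS = ("application/pkcs7-signature",               # S/MIME, RFC 8551
                "application/x-pkcs7-signature")             # legacy spelling
SMIME_OPAQUE = ("application/pkcs7-mime", "application/x-pkcs7-mime")
CLEARSIGN_MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"


def signature_kind(raw: str) -> str:
    """Classify how a message is signed, using only its MIME structure."""
    msg = email.message_from_string(raw)
    ctype = msg.get_content_type()

    if ctype == "multipart/signed":
        # Both formats share the multipart/signed wrapper; the protocol
        # parameter says which verifier the recipient's client needs.
        proto = (msg.get_param("protocol") or "").lower()
        if proto == PGP_PROTO:
            return "openpgp-mime"
        if proto in SMIME_PROTOS:
            return "smime-detached"
        return "unknown-multipart-signed"

    if ctype in SMIME_OPAQUE:
        # Opaque S/MIME: body and signature are one CMS blob.
        smime_type = (msg.get_param("smime-type") or "").lower()
        return "smime-opaque" if smime_type == "signed-data" else "smime-other"

    # Inline OpenPGP: clearsigned text inside an ordinary text part.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload()
            if isinstance(body, str) and CLEARSIGN_MARKER in body:
                return "openpgp-inline"
    return "unsigned"


def sample_signed(protocol: str) -> str:
    """Build a constructed multipart/signed message (placeholder signature)."""
    return (f'Content-Type: multipart/signed; protocol="{protocol}"; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nhello\n"
            f"--b\nContent-Type: {protocol}\n\nplaceholder, not a real signature\n"
            "--b--\n")


if __name__ == "__main__":
    for proto in (PGP_PROTO, SMIME_PROTOS[0]):
        print(proto, "->", signature_kind(sample_signed(proto)))
```

This only identifies the format; it does not verify the signature or evaluate trust in the signer's key or certificate.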
