On 05 May 2008, at 14:25, Andrew Jorgensen wrote:

On Mon, 2008-05-05 at 13:54 -0600, Brandon Stout wrote:
Are there compatibility problems between Thawte and OpenPGP? I can see
signed mail coming from one person's Apple Mail signed with a Thawte
sig, but the person using Apple Mail doesn't get my signature when I
send with Thunderbird using my OpenPGP signature.

Can. Of. Worms.

S/MIME and PGP are two completely different PKIs (okay someone can argue
that PGP isn't a PKI).  Different formats, different algorithms (some
the same I'm sure), different trust models, different user bases.

S/MIME is generally supported by commercial email clients.  PGP is
generally supported by open source email clients. Some clients support
both and most can support both with added plugins.

Even if this user had been able to see your signature they would not be
able to trust it unless they had been initiated into the PGP world.
This is, if you haven't already guessed, the main (perhaps only) problem
with the PGP trust model.

The S/MIME trust model is the SSL trust model.  A select few
organizations (Thawte is one) are assumed to be trusted and they assert
trust in their clients.

Actually there's some overlap in the trust models.  You can have your
PGP key signed by keyserver.pgp.com (in which case they're the assumed
trust org) and to get your name on a Thawte certificate you have to get
your identity asserted by someone in their web of trust.

If anyone decides they'd like a Thawte certificate I and a few
colleagues at Novell can assert your identity.  Email me off-list.


This is all good information. I use Apple Mail. I have thought about using PGP before but it did not seem as well supported, so I went with Thawte's offering.

I am looking to get notary status on the WoT so I will be contacting you off list.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
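
An added example, not part of the original thread: the "different formats" point is visible in a message's MIME structure, which is what a mail client inspects before it decides whether it can verify a signature at all. The function name `signature_scheme` and the sample messages are constructed for illustration; the signature parts are placeholders, not real signatures.

```python
from email import message_from_string

# Content types defined for PGP/MIME (RFC 3156) and S/MIME (RFC 8551).
PGP_PROTOCOL = "application/pgp-signature"
SMIME_DETACHED = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
SMIME_OPAQUE = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def signature_scheme(raw):
    """Return 'pgp-mime', 'pgp-inline', 'smime' or 'unsigned' for a raw message."""
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            # The protocol parameter names the signature format of the second part.
            proto = (part.get_param("protocol") or "").lower()
            if proto == PGP_PROTOCOL:
                return "pgp-mime"
            if proto in SMIME_DETACHED:
                return "smime"
        elif ctype in SMIME_OPAQUE:
            # Opaque S/MIME wraps body and signature in one CMS blob.
            if (part.get_param("smime-type") or "").lower() == "signed-data":
                return "smime"
        elif ctype == "text/plain":
            # Inline (clearsigned) PGP lives inside the text body itself.
            body = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP SIGNED MESSAGE-----" in body:
                return "pgp-inline"
    return "unsigned"


def sample_signed(protocol):
    # Constructed message; the signature part is a placeholder, not real data.
    return (
        "From: sender@example.org\n"
        "MIME-Version: 1.0\n"
        f'Content-Type: multipart/signed; protocol="{protocol}"; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nhello\n"
        f"--b1\nContent-Type: {protocol}\n\nPLACEHOLDER\n--b1--\n"
    )


# Constructed clearsigned sample (header block only, no real signature).
SAMPLE_INLINE = (
    "From: sender@example.org\n\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nhello\n"
)

if __name__ == "__main__":
    for proto in ("application/pgp-signature", "application/pkcs7-signature"):
        print(proto, "->", signature_scheme(sample_signed(proto)))
    print("inline ->", signature_scheme(SAMPLE_INLINE))
```

Identifying the scheme says nothing about trust: verifying either kind of signature still requires the recipient to hold and trust the corresponding key or certificate chain.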
