> > PGP, GPG signatures are ok. But that travesty called S/MIME has got to
> > go! 2870 bytes to sign something far less than that!?
>
> Yep :) Personally I'm not having a go at the people who use it
> (doesn't look like you are either), especially since S/MIME support is
> still early in TB and needs to be tested. The thing that bugs me is
> that it exists to start with :) It's just an extra standard for
> Microsoft to build into everything, and there are far better
> equivalents (PGP,GPG) around.
> PGP is fine for mailing lists... takes up almost nothing.
I have to disagree here, PGP is pretty useless for mailing lists. It
is great for using in a circle of friends, but for a mailing list you
would not only need to download that persons key to check their
signature, but you would also need to phone them or something, to
check if the key really belongs to them. How many people here would
want to do this. A PGP signature is useless otherwise - I could easily
generate a key in someone elses name, and then even upload it to a
keyserver.
S/MIME on the other hand is much better where you don't personally
know the people you are communicating with because keys are signed
centrally. Who can blame Microsoft from adopting S/MIME it is much
simpler to use, and there are not the RSA / DH compatibility problems.
As for the size of the signature The Bat! includes the public key in
the signature, but I don't think this is a requirement of S/MIME. The
option can be disabled on Outlook Express, and it would be a good idea
if The Bat! had a similar option.
I had a look at Outlook Express, and looked at the size of the
signature block with the include key option on and off. With it on
the signature was 3.8k (compared with 2.8k on The Bat!), and with it
off it dropped to only 760 bytes. I nominate this option for The Bat!
I prefer a 2.8K attachment with the signature, than the amount of
visual noise created be a PGP message (not forgetting the "you can
download my key at blahh......." bit.
Whether signatures are necessary in this mailing list is another
matter. It is probably too much of an overhead, but it does have a
purpose, a 2.8K attachment is a bit on the big side it does at least
do it's job, the few hundred bytes of a PGP signature do nothing for
me.
S/MIME is well designed, and I wouldn't knock it. As long as the
implementation is good. An interesting about S/MIME is that if you use
Outlook Express' version, and you are outside the US, and havn't
downloading Microsoft's 128-bit security pack, then the 40-bit
encryption that is used is almost worthless.
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
