Hello Oliver,
Saturday, September 23, 2000, 5:18:42 PM, you wrote:
OS> Hi there,
OS> I suppose I haven't read all the message that certainly popped up on
OS> this topic already, sorry. Anyway, here are some questions:
OS> - S/MIME is for encrypting and signing mail, isn't it? What does it do
OS> that PGP doesn't?
S/MIME, as I understand it, is less 'intrusive' than PGP.
With a PGP signed message you have:
<<<Begin PGP Signed Message notifyer string>>>
Some text
<<<Close PGP Signed Message notifyer string>>>
<<<Clunky looking string of garbage that is the PGP signature>>>
Whereas, S/MIME stores the garbage in another MIME section, so if your
email program supports it you don't have to see it.
OS> - Doesn't it work only with certificates from some special
OS> certification authority? Costing lots of money?
Yes, and not sure on lots of money. I am sure you can get a
certificate from somewhere for free.
OS> Why would I use that
OS> (considering it's not in any wide-spread use, IMHO)?
PGP and S/MIME provide you with TWO functions. On the one hand, they
allow you to encrypt your email so only the specified recipient can
read it. On the other, they allow you to SIGN your email, so it can
verified as from you.
The first you would do because:
1) You don't trust the network your email is travelling over and want
to ensure no one reads it
2) The information is sensitive and you want to make sure only the
recipient can read it after downloading it
3) You don't trust the authorities not to snoop
4) The principal of the thing(the old: if everyone wrote letters on
post cards, it would make it easier for investigators to know which
letters to snoop on).
In all honesty, I find most people use it due to reason number 4, the
principal. The information sent is just NOT the sensitive, but still
thats just MY opinion. Its not my email, so make your own choice.
The second you do because:
1) You get involved in nasty little flame wars and want to make dang
sure no one can ever misquote you/impersonate you.
2) You want to ensure that if anyone ever sues you for libel and
or slander, they can only use your actual words against you.
3) Your are sending information that is sensitive enough that you want
to make sure the recipient knows it is you(when and where to meet your
mistress for lunch, for example) but in a format that you don't care
if anyone reads it(for example, letter to your executive secretary
regarding that business lunch she needs to set up).
4) You just feel more comfortable that everyone who reads your email
will know without a doubt that it is from you.
Again, I find most people use signatures for reason number 4, though I
have seen a smattering of number 1. Again, its your choice.
Once you know WHY you are using it, you can determine what you need to
do.
If the only reason is number 1 or 2, S/MIME is a nicer product as you
won't be spamming everyone with a silly signature everytime you send
an email message. The only time it needs to be verified, you won't
need a mailer to do it, any product support S/MIME can be given the
text, the public key, and verify or deny the signature. If its 3 or 4,
PGP tends to be the product of choice - its more widespread, hence
better supported and more likely your recipients can check your
messages as well.
If its 1 or 4, go with a small key and reduce
the spam. IF its 2 or 3, go with a large key to ensure your privacy.
--
Using The Bat! 1.46c
under Windows NT
4.0 Build 1381
Service Pack 6, RC 1.5
Gary mailto:[EMAIL PROTECTED]
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
