-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

'Lo Melissa,

On Fri, 13 Dec 2002 12:24:41 -0800 your time, you said:

MR> The  fact  that  by simply switching one's preference for implementation
MR> method   can   yield  the  opposite  verification  result  ("valid"  vs.
MR> "invalid") shows that there is *not* a "standard" at work here.

Not  for  me  Melissa!  I  tried this and the S/MIME certificates in my many
folders all remain valid still.

MR> With  "OpenPGP",  on  the  other  hand,  regardless  of  email client or
MR> operating  system,  if  one learns to use it, there *is* a "standard" at
MR> work  that  will produce consistent verification results.

I  disagree.  The  S/MIME  standard  seems  to me to be well implemented and
correct  end  implementation  seems very much to be down to software vendors
and  end  users.  OpenPGP is no greater a standard than S/MIME is, or rather
has no greater advantage at the moment than S/MIME, and consistency for both
OpenPGP and S/MIME will still ultimately depend on end users.

MR> Furthermore,  I also think that "OpenPGP" is more versatile, because its
MR> scope of usefulness goes well beyond a few email clients (and the way in
MR> which each one seems inclined to implement it).

I  would agree (and mentioned this in the last reply) with this, to a point.
But  then again from what I have read and researched there is also much more
to  S/MIME certification than just signing and encrypting email messages. It
has  a  very  useful hierarchical certification structure that doesn't begin
and  end  with email. Its usefulness therefore extends into the same realms
as  OpenPGP.  It  is in those realms, the commercial world, that OpenPGP and
S/MIME will be 'fighting it out'.

MR> For  countless  reasons (including reasons of security), I choose not to
MR> use  a  Microsoft email client.

Yes, of course, and that's what you and I are both doing here <g>

MR> My  preferred email client (the great and wonderful "Il Pipistrello!" of
MR> course!), gives me two implementation options for S/MIME.

I hear your client is very good ;-) My 'Homemade Jam Mailer v10' may in fact
share the same appeal <vbg>

MR> If  I choose "Internal Implementation", your S/MIME signatures verify as
MR> "valid".  If, however, I choose the "Microsoft CryptoAPI" implementation
MR> of S/MIME, your very same message returns a verification of "invalid".

As I have said, not for me.

MR> Please   tell   me  how  S/MIME  can  be  considered  a  *reliable*  and
MR> *consistent* "standard"?

It  is reliable because once *all* certificates _are correctly imported_ the
validation  isn't  a  problem...  just as correctly importing *valid* public
keys will allow verification also. It is no less consistent than PGP in that
sense.

MR> On  the  other hand, a Linux user of GnuPG, a Mac user of PGP, a Windows
MR> user of GnuPG or PGP, etc., regardless of email client software, can all
MR> *reliably*  verify each other's "OpenPGP" created digital signatures.

This  is  not  the  case  in fact. The *aim* is to make this so, and thereby
create  a  reliable  standard, but we aren't there yet, nowhere near. At the
moment,  if  you  want  to  'reliably'  communicate  with users of older PGP
programs  you  still  have to create a second set of keys for compatibility.
There is no cohesion and unity to meet the OpenPGP standard yet.

MR> It  seems  to  me that the term "standard" makes more sense here than it
MR> does with regards to S/MIME.

I  understand  what  you mean Melissa, and I can see very much where you are
coming  from, but I think I will just agree to disagree with you on it. It's
early days yet, and the revival of PGP via PGP Corp. needs time to embed, if
it  ever  does. OpenPGP _needs_ a company like PGP Corp. in its ranks for it
to  stand  a  chance at becoming the de facto standard, and I don't think it
will make it on its own to be frank, even if I don't like that!

- --
Slán,

 Simon @ theycallmesimon.co.uk

******************************************
PGP Key: http://pgp.theycallmesimon.co.uk/

Faffing about with TB! v1.62 on W2K SP3

#1752. Ram Squid Lose Wry

-----BEGIN PGP SIGNATURE-----
Comment: Privacy is freedom. Protect your freedom with PGP!
Comment: KeyID: 0x5C7E8966
Comment: Fingerprint: 851C F927 0296 FF1C 70A2  474F CB6E 6FFE 5C7E 8966

iQA/AwUBPfp+sstub/5cfolmEQLGvgCfcRkKtrG2bogU+OL+YQmjbyZiouEAoJ4N
OMlIl6oEpgWOBG0yIfHO9vtI
=rbGW
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
