I’ve moved this from Mac Access, as it is not a specific Apple technology
discussion.
Just to add a little to this. Basically what your friend has told you is
totally correct. Only the socket layer is encrypted with SSL but the purpose
of an SSL certificate is very different and, if by implication, I lead anybody
to believe the contrary, then I humbly beg their pardon.
The reason you’d use a signed E-Mail certificate is to guarantee the original
source of the message. Somebody who digitally signs, rather than encrypts, a
message is doing so in order to guarantee its authenticity.
Technically, a digital signing certificate is not an SSL certificate and I was
actually very much off the pane when I described it as such. A Secure Socket
Layer (SSL) certificate does exactly what the description would imply: it
encrypts data sent via that specific socket but only whilst the data is in
transit. Once on the destination server, it is then decrypted and, in the case
of our servers, re-encrypted using totally different technologies.
So really speaking it is important not to confuse the two systems. A digitally
signed certificate such as those found in E-Mail, is merely a mime attachment
to the message. It in no way encrypts the message and that is the difference.
A system such as PGP does optionally encrypt as well as sign the message,
turning the message into an attachment which many E-Mail clients at this time
can decode and re-constitute as the message body. Outlook, for example, and
Apple Mail do have this ability. I have encountered clients which do not,
however, and I know that this is true of earlier versions of Thunderbird and
the old Eudora mail client for Windows.
But the drawback with PGP is that it uses its own standard. Thus, one would
have to be very careful to whom one sent a PGP signed message. If the
recipient doesn’t have PGP, it’s totally useless. In the case of a signed
message, however, the certificate is signed by an authorised certificate which
the client can verify. Thus, it’s easy to define it as genuine.
So basically what I’m saying is that there is a difference between “signing”
and “encrypting” a message. I have in the past used PGP technologies at the
server level. When those technologies are used, they are used to encrypt and
sign mail. PGP can be used as a means of both encrypting and signing a
message. So yes, both have their functions and both have their place.
Kind regards
<--- Gordon Smith --->
<[email protected]>
Information Technology Accessibility Consultant;
Providing Help & Support To Young People Living With Visual Impairment, plus
Braille Transcription services.
On 1 Dec 2013, at 02:29, Dane Trethowan <[email protected]> wrote:
Hi!
You probably know all this already but I thought what you said about SSL/TLS
and GPG was interesting so here's something from another System Administrator I
know which makes it sound that both systems can be used with great effect
together.
<snip>
SSL stands for secure sockets layer, it is a technology used to encrypt an end
to end connection between two machines.
When you encrypt an email using pgp, it's hidden from anyone who doesn't have
the appropriate decryption key.
When you connect to a website (or email server) using ssl, only that connection
is encrypted, if the original email is unencrypted, and sent on by whatever
server you delivered it to, it's unencrypted for that part of the journey as
well as when it arrives at the recipient.
So, you would use pgp when you want to guarantee that an email can only be
decrypted by the recipient.
You would use ssl (or tls these days) when you want a connection between you
and a remote machine to be secure from eavesdropping by people along the way.
<snip>
On 30 Nov 2013, at 10:59 pm, Gordon Smith <[email protected]> wrote:
> I’ve often thought about getting back into that but I’ve decided that SSL
> authentication certificates offer a better alternative for mail. Obviously,
> if you want file encryption that’s a different matter. I can see why PGP
> would be a better option there. Think I’ll pop over to the Symantec site now
> and see what’s kookie’, if I can find it.
>
> Kind regards
>
> <--- Gordon Smith --->
>
> <[email protected]>
>
> Information Technology Accessibility Consultant;
> Providing Help & Support To Young People Living With Visual Impairment, plus
> Braille Transcription services.
>
> On 30 Nov 2013, at 03:53, Dane Trethowan <[email protected]> wrote:
> Anyone here using PGP on your Mac?
>
> I’ve just installed it on my Macbook Pro so if anyone would like to volunteer
> for testing then eMail me privately so I can find your Public key on the GPG
> server etc.
>
> <--- Mac Access At Mac Access Dot Net --->
>
> To reply to this post, please address your message to
> [email protected]
>
> You can find an archive of all messages posted to the Mac-Access forum at
> either the list's own dedicated web archive:
> <http://mail.tft-bbs.co.uk/pipermail/mac-access/index.html>
> or at the public Mail Archive:
> <http://www.mail-archive.com/[email protected]/>.
> Subscribe to the list's RSS feed from:
> <http://www.mail-archive.com/[email protected]/maillist.xml>
>
> As the Mac Access Dot Net administrators, we do our very best to ensure that
> the Mac-Access E-Mail list remains malware, spyware, Trojan, virus and
> worm-free. However, this should in no way replace your own security
> strategy. We assume neither liability nor responsibility should something
> unpredictable happen.
>
> Please remember to update your membership preferences periodically by
> visiting the list website at:
> <http://mail.tft-bbs.co.uk/mailman/listinfo/mac-access/options/>
>
**********
Dane Trethowan
Skype: grtdane12
Phone US (213) 438-9741
Phone U.K. 01245 79 0598
Phone Australia (03) 9005 8589
Mobile: +61400494862
Fax +61397437954
=======================================
The Techno-Chat E-Mail forum is guaranteed malware, spyware, Trojan, virus and
worm-free
To modify your subscription options, please visit the forum's dedicated web
pages located at
http://mail.tft-bbs.co.uk/mailman/listinfo/techno-chat
You can find an archive of all messages posted to the Techno-Chat group at
either of the following websites:
http://mail.tft-bbs.co.uk/pipermail/techno-chat/index.html
Or:
<http://www.mail-archive.com/[email protected]>
You may also subscribe to this list via RSS. The feed is at:
<http://www.mail-archive.com/[email protected]/maillist.xml>
---------------------------------------
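
Added example, not part of the original thread: the signing-versus-encrypting distinction discussed above is visible in a message's MIME structure, independent of whether the connection used SSL/TLS. The function name `classify`, the sample messages and the placeholder base64 blobs are constructed for illustration.

```python
# Classify message-level protection from MIME structure alone.
# All sample messages are constructed; the base64 blobs are placeholders,
# not real signatures or ciphertext.
from email import message_from_string

def classify(raw):
    """Return (protection, visible_text); visible_text is None when no
    plaintext can be read without a key or CMS decoding."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload()
        if not isinstance(parts, list) or len(parts) != 2:
            return ("malformed", None)
        # RFC 1847: part 1 is the content, part 2 the detached signature.
        proto = str(msg.get_param("protocol") or "").lower()
        kind = "pgp-signed" if "pgp" in proto else "smime-signed"
        body = parts[0].get_payload()
        return (kind, body.strip() if isinstance(body, str) else None)
    if ctype == "multipart/encrypted":          # PGP/MIME (RFC 3156)
        return ("pgp-encrypted", None)
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        if str(msg.get_param("smime-type") or "").lower() == "enveloped-data":
            return ("smime-encrypted", None)
        return ("smime-opaque", None)           # e.g. a signed-data wrapper
    if msg.is_multipart():
        return ("none", None)
    return ("none", msg.get_payload().strip())

SIGNED = (
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
    'micalg=sha-256; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nMeet at noon.\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n--b1--\n"
)
ENCRYPTED = (
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data\n"
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n"
)
# A plain message stays plain at rest even if every hop used TLS.
PLAIN = "Content-Type: text/plain\n\nMeet at noon.\n"

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("encrypted", ENCRYPTED),
                      ("plain", PLAIN)):
        print(name, classify(raw))
```

The signed sample still exposes its body text to anyone who can read the mailbox; only the enveloped sample hides it. The function inspects structure only and does not verify any signature.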