[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: S/MIME with OpenSSL?
|
From: |
Uwe Brauer |
|
Subject: |
Re: S/MIME with OpenSSL? |
|
Date: |
Thu, 12 Nov 2015 09:31:18 +0000 |
|
User-agent: |
Gnus/5.13001 (Ma Gnus v0.10) Emacs/25.0.50 (gnu/linux) |
>>> "Adam" == Adam Sjøgren <asjo@koldfront.dk> writes:
> Uwe writes:
>> Did you try once to convince computer how shall I say illiterate to
>> use encryption?
> I learned a long time ago not to try and impose my preferences on other
> computer users.
This is not about impose, this is about practical matter. Suppose you
want to interchange confidential information with someone outside the
GNU/emacs world and that person has very little computer knowledge. For
him/her pgp is a nightmare to install. Smime not.
>> operations S/MIME PGP
>> Inst of software no; included yes
> I think you have some hidden assumptions about what software is used
> here? Don't both S/MIME and PGP use external tools in Gnus?
I am speaking here about software in general, almost all mail programs,
thunderbird, evolution, kmail, outlook, whatever have smime support
>> Installation of plugin no; included yes
> Again, you must be assuming something about the software being used -
> Gnus has built in support for both, right?
Same comment.
>> generation of keypair no; ask for a yes
>> certificate
> This seems to be a negative for S/MIME: it is easy to generate a PGP
> key. How do you generate an S/MIME certificate?
It is not easy to generate a pgp for an illiterate, trust me. You can
generate a S/MIME certificate, but it will be self signed and therefore
useless, most clients would refuse a message from someone with a self
signed certificate. So you apply for certifcate which is signed by a
root authority, in one of the dozen services like commodo, they provide
with a class 1[1] certificate for one year.[2]
>> interchange of public simply send a sign yes interchange
>> keys message
> I have never received or sent an S/MIME message, so it's hard to judge
> this one. Does it mean that every S/MIME message includes the public key
> of the sender?
yes
> What prevents you from doing that with PGP-signed messages?
Again for most illiterate this is not obvious. For s/mime it is by design.
> I've set up Gnus/GnuPG to automatically fetch keys for every person I
> see a signature from, so there is nothing manual for me to do here.
Again this is not as trivial as you think. An my fetch you mean from a
keyserver where that person has uploaded his key I presume.
> Best regards,
> Adam
Footnotes:
[1] class 1 means only the email is verified not your identity. If you
want that you have to pay.
[2] this is of course the weak point of the whole model. If those
services are breached, the security breaks down or can break down.
- S/MIME with OpenSSL?, Jens Lechtenboerger, 2015/11/08
- Message not available
- Re: S/MIME with OpenSSL?, Adam Sjøgren, 2015/11/10
- Re: S/MIME with OpenSSL?, Uwe Brauer, 2015/11/11
- Re: S/MIME with OpenSSL?, Adam Sjøgren, 2015/11/11
- Re: S/MIME with OpenSSL?,
Uwe Brauer <=
- Re: S/MIME with OpenSSL?, Adam Sjøgren, 2015/11/12
- Re: S/MIME with OpenSSL?, Uwe Brauer, 2015/11/13
- Trust and public keys (was: S/MIME with OpenSSL?), Jens Lechtenboerger, 2015/11/14
- Re: Trust and public keys, Uwe Brauer, 2015/11/16
- Re: Trust and public keys, Jens Lechtenboerger, 2015/11/16
- Re: Trust and public keys, Uwe Brauer, 2015/11/18
- Re: Trust and public keys, Jens Lechtenboerger, 2015/11/19
- [smime and gpg] (was: Trust and public keys), Uwe Brauer, 2015/11/22
- Re: Trust and public keys, Uwe Brauer, 2015/11/16
- Re: S/MIME with OpenSSL?, Peter Münster, 2015/11/12