[Gpg4win-devel] vs S/MIME (Re: Putty and ECDSA support for gpg-agent in 2.0)

Bernhard Reiter bernhard at intevation.de
Wed Jul 10 09:38:27 CEST 2013


On Tuesday 09 July 2013 at 21:20:10, Werner Koch wrote:
> > I tend to disagree, PKIX is there for a while whether I like it or not.
> > In some circumstances it even allows for a better user experience as
> > OpenPGP,
>
> Right.  But do we really want to suggest the use of a system which makes
> man in the middle attacks that easy.  

Yes, in some situations it is a clear step up from no cryptography.
And it has a property that it shares with OpenPGP: You could use it in a 
secure way, if all communication partners would configure and operate it 
properly. 

> At my RMLL talk I suggested the 
> use of S/MIME only if there is really no other way to send encrypted
> data.  Everyone else shall use OpenPGP because OpenPGP gives more power
> to the user.

In my experience in OpenPGP it is harder to establish a trust chain to the 
certificate, in practice. Anyway, STEED would be the real step forward.
And managing x509 certificates is what we are stuck with for a while,
at least for the commercial web.

Bernhard


-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner