[Gpg4win-devel] vs S/MIME (Re: Putty and ECDSA support for gpg-agent in 2.0)

Dr. Peter Voigt pvoigt at uos.de
Wed Jul 10 11:46:14 CEST 2013


On Wed, 10 Jul 2013 09:38:27 +0200,
Bernhard Reiter <bernhard at intevation.de> wrote:

> On Tuesday 09 July 2013 at 21:20:10, Werner Koch wrote:
> > > I tend to disagree, PKIX is there for a while whether I like it
> > > or not. In some circumstances it even allows for a better user
> > > experience than OpenPGP,
> >
> > Right.  But do we really want to suggest the use of a system which
> > makes man in the middle attacks that easy.  
> 
> Yes, in some situations it is a clear step up from no cryptography.
> And it has a property that it shares with OpenPGP: You could use it
> in a secure way, if all communication partners would configure and
> operate it properly. 
> 
> > At my RMLL talk I suggested the 
> > use of S/MIME only if there is really no other way to send encrypted
> > data.  Everyone else shall use OpenPGP because OpenPGP gives more
> > power to the user.
> 
> In my experience in OpenPGP it is harder to establish a trust chain
> to the certificate, in practice. Anyway, STEED would be the real step
> forward. And managing x509 certificates is what we are stuck with for
> a while, at least for the commercial web.
> 
> Bernhard
> 
> 

I've been trying to marginally follow this topic. I'm afraid I've
lost the red line. I've got the impression that the topic changes from the
initial root CA dialog of the installer to a more general discussion
about S/MIME versus OpenPGP. Please excuse me if I'm wrong and feel
free to correct me.

Even at the risk of extending the already confusing thread I would like
to re-focus on the initial question again. If I got the initial
question right, I have to admit that the root CA installation dialog has
never been of any use for me and should be dropped. I cannot imagine
that it might be useful to anybody. Maybe we can discuss possible
scenarios for it.

I am afraid that the question about the best encryption standard, e.g.
S/MIME or OpenPGP, cannot be answered finally. Although I tend a bit
more to OpenPGP, in practice I do combine both standards. Personally I
prefer OpenPGP for email and I use S/MIME certificates of my FreeRadius
and OpenVPN server - both on server and on client side.

Hoping not to drive the topic in the wrong direction
Peter

