[Gpg4win-users-en] S/MIME vs. OpenPGP

Bernhard Reiter bernhard at intevation.de
Wed Sep 10 09:30:26 CEST 2014 

Hi David, hi Moi!

On Tuesday 09 September 2014 at 12:01:03, David Kronlid wrote:
> It's interesting to read your discussion. Don't underestimate the "users",
> they tend to be very highly motivated to learn. 

Thanks for the feedback! In my experience, we need to make sure that new fresh 
users with really basic questions are welcomed and feel safe enough to ask a 
question that they feel unsecure about. If there is a lot of in depth 
writing, they tend to feel stupid and shy away from asking their questions.
So at some point I try to shift deep technical discussions to a place which is 
more appropriate to keep the channel clear. 

If you understood most aspects of Werner's and my exchange about how 
revokation information relates to the two difference standards and their 
current implementations, you are not a basic user anymore anyway. ;)
There are other good places like gnupg-users (which over time grew more 
technical), gnupg-devel and more general crypto mailing lists you are very 
welcome to hang around and contribute. Maybe it is time to do this. 

> In my personal opinion as a technically interested user, S/MIME is very
> good for companies and organisations that have to encrypt mail within the
> organisation. 

And you are giving a good example why it also works between organisations as 
well:

> If someone from company A want to communicate
> encrypted to someone from company B, and both companies use S/MIME and have
> good control over their certificate distribution, Anna from AT&T can really
> know with 99,9% probability that she is communicating with Bob from
> Bombardier.

As a smaller organisation, if the admin only approves a root/intermediate 
certificates from company A and B, I can also be quite sure that I write to 
Annica and Bartoli. (This is how we use it and I see other smaller 
organisations that interact with larger ones using this, too.)

> To sum up, I prefer OpenPGP for normal users but the current WOT system is
> really bad and should be abandoned. The only way I can think of where a WOT
> system would really work is if the closest relatives of every person signed
> the keys. 

It is an important discussion, on gnupg-users or -devel will be a lot of 
people that can contribute to it. It is a design question. I'd say that you 
are demanding too much from the trust relationships that you are trying to 
archieve.


Best Regards,
Bernhard 

-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3955 bytes
Desc: not available
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20140910/16a5f41e/attachment.bin>

More information about the Gpg4win-users-en mailing list