From: Uwe Brauer <oub@mat.ucm.es>
To: ding@gnus.org
Subject: Re: Email encryption with S/MIME or OpenPGP?
Date: Wed, 19 Mar 2014 18:33:43 +0100 [thread overview]
Message-ID: <87ob12gkjs.fsf@gilgamesch.quim.ucm.es> (raw)
In-Reply-To: <m2vbvbrjq6.fsf@krugs.de>
[-- Attachment #1: Type: text/plain, Size: 2089 bytes --]
>> "Rainer" == Rainer M Krug <Rainer> writes:
> Hi
> At the moment I am using OpenPGP to sign and encrypt my emails, but
> this does not work easily on my iPhone (please tell me otherwise if it
> does?).
No it is not, unfortunately. There is no native support and the 3rd
party pkgs are not terrible easy to use, since they are not integrated
with the email reader. One of them is even not gpg conform and it was
impossible to import an old gpg key of mine.
This was one of the reasons for me to switch to smime.
> But the iPhone implements S/MIME encryption. Now what are the
> advantages of using each as a standard signing / encryption? Which
> one is better / safer? I have OpenPGP working via gnus on a Mac and
> am happy with it.
Both use a-symmetric encryption and are both safe, what is radially
different is the distribution of public keys. Pgp/gpg has a key model in
which you generate your key pair and distribute your public key or
uplaod it to a server. The problem is not safety but authency so in gpg
you hope that your key on the server gets signed but a sufficient amout
of trustworthy people.
Smime has a hirachical model. There are a couple of organisations with
posses a root certificate in which signed public keys (called
certificates). You typically apply for such a certificate (a process in
which the encryption module of your bowswer generate your private key),
the authority then allows you to download your certificate signed by
their root certificate, confirming usually only the authenticity of your
email address.
> So - what are others using and why? Should I use S/MIME instead?
Well it is much easier to use and also easier to convince others to use
it as well, because
- It is integrated in your email reader usually.
- You do not have to generate a key pair for your self.
- And you do not need to exchange the public keys, they are
automatically included in your signature.
- it is compatible with the iPhone.
cheers
Uwe Brauer
[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5556 bytes --]
next prev parent reply other threads:[~2014-03-19 17:33 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-18 8:31 Rainer M Krug
2014-03-19 17:33 ` Uwe Brauer [this message]
2014-03-20 14:44 ` Rainer M Krug
2014-03-20 15:33 ` Uwe Brauer
2014-03-25 19:06 ` Uwe Brauer
2014-03-26 15:38 ` Rainer M Krug
2014-03-27 9:57 ` Uwe Brauer
2014-03-27 10:45 ` Rainer M Krug
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ob12gkjs.fsf@gilgamesch.quim.ucm.es \
--to=oub@mat.ucm.es \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).