Re: Email encryption with S/MIME or OpenPGP?

[Rainer M Krug <Rainer@krugs.de>]

[-- Attachment #1: Type: text/plain, Size: 2611 bytes --]

Uwe Brauer <oub@mat.ucm.es> writes:

>>> "Rainer" == Rainer M Krug <Rainer> writes:
>
>    > Hi
>    > At the moment I am using OpenPGP to sign and encrypt my emails, but
>    > this does not work easily on my iPhone (please tell me otherwise if it
>    > does?).
>
> No it is not, unfortunately. There is no native support and the 3rd
> party pkgs are not terrible easy to use, since they are not integrated
> with the email reader. One of them is even not gpg conform and it was
> impossible to import an old gpg key of mine.
>
> This was one of the reasons for me to switch to smime.

Hm - not nice. I thought there would be an easy option.

>
>    > But the iPhone implements S/MIME encryption. Now what are the
>    > advantages of using each as a standard signing / encryption? Which
>    > one is better / safer? I have OpenPGP working via gnus on a Mac and
>    > am happy with it.
>
> Both use  a-symmetric encryption and are both safe, what is radially
> different is the distribution of public keys. Pgp/gpg has a key model in
> which you generate your key pair and distribute your public key or
> uplaod it to a server. The problem is not safety but authency  so in gpg
> you hope that your key on the server gets signed but a sufficient amout
> of trustworthy people.
>
> Smime has a hirachical model. There are a couple of organisations with
> posses a root certificate in which signed public keys (called
> certificates). You typically apply for such a certificate (a process in
> which the encryption module of your bowswer generate your private key),
> the authority then allows you to download your certificate signed by
> their root certificate, confirming usually only the authenticity of your
> email address.

Thanks - the difference is clear to me. 

>
>    > So - what are others using and why? Should I use S/MIME instead?
>
>
> Well it is much easier to use and also easier to convince others to use
> it as well, because
>
>
>     -  It is integrated in your email reader usually. 
>
>     - You do not have to generate a key pair for your self.
>
>     - And you do not need to exchange the public keys, they are
>       automatically included in your signature.
>
>     -  it is compatible with the iPhone.

Good arguments - but I am using a Mac and the GPG version for
the mac does not yet included gpgsm - so I have the option of using the
homebrew version, wait, or not use easyPG in GNUS.

Cheers,

Rainer
 

>
> cheers
>
> Uwe Brauer 

-- 
Rainer M. Krug
email: Rainer<at>krugs<dot>de
PGP: 0x0F52F982

[-- Attachment #2: Type: application/pgp-signature, Size: 494 bytes --]