Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
 help / color / mirror / Atom feed
From: Uwe Brauer <oub@mat.ucm.es>
To: info-gnus-english@gnu.org
Subject: Re: S/MIME with OpenSSL?
Date: Thu, 12 Nov 2015 09:31:18 +0000	[thread overview]
Message-ID: <87bnazsgwp.fsf@mat.ucm.es> (raw)
In-Reply-To: <87si4ch5wl.fsf@tullinup.koldfront.dk>

>>> "Adam" == Adam Sjøgren <asjo@koldfront.dk> writes:

   > Uwe writes:
   >> Did you try once to convince computer how shall I say illiterate to
   >> use encryption?

   > I learned a long time ago not to try and impose my preferences on other
   > computer users.

This is not about impose, this is about practical matter. Suppose you
want to interchange confidential information with someone outside the
GNU/emacs world and that person has very little computer knowledge. For
him/her pgp is a nightmare to install. Smime not.

   >> operations                S/MIME                 PGP                
   >> Inst of software          no; included           yes                

   > I think you have some hidden assumptions about what software is used
   > here? Don't both S/MIME and PGP use external tools in Gnus?


I am speaking here about software in general, almost all mail programs,
thunderbird, evolution, kmail, outlook, whatever have smime support


   >> Installation of plugin    no; included           yes                

   > Again, you must be assuming something about the software being used -
   > Gnus has built in support for both, right?

Same comment.

   >> generation of keypair     no; ask for a          yes                
   >> certificate                               

   > This seems to be a negative for S/MIME: it is easy to generate a PGP
   > key. How do you generate an S/MIME certificate?

It is not easy to generate a pgp for an illiterate, trust me. You can
generate a S/MIME certificate, but it will be self signed and therefore
useless, most clients would refuse a message from someone with a self
signed certificate. So you apply for certifcate which is signed by a
root authority, in one of the dozen services like commodo, they provide
with a class 1[1] certificate for one year.[2]


   >> interchange of public     simply send a sign     yes interchange    
   >> keys                      message                                   

   > I have never received or sent an S/MIME message, so it's hard to judge
   > this one. Does it mean that every S/MIME message includes the public key
   > of the sender?

yes

   > What prevents you from doing that with PGP-signed messages?

Again for most illiterate this is not obvious. For s/mime it is by design.


   > I've set up Gnus/GnuPG to automatically fetch keys for every person I
   > see a signature from, so there is nothing manual for me to do here.

Again this is not as trivial as you think. An my fetch you mean from a
keyserver where that person has uploaded his key I presume.

   >   Best regards,

   >     Adam

Footnotes: 
[1]  class 1 means only the email is verified not your identity. If you
     want that you have to pay.

[2]  this is of course the weak point of the whole model. If those
     services are breached, the security breaks down or can break down.



_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english

  reply	other threads:[~2015-11-12  9:31 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-08 16:15 Jens Lechtenboerger
2015-11-10 16:42 ` Uwe Brauer
2015-11-10 21:41   ` Adam Sjøgren
2015-11-11  9:38     ` Uwe Brauer
2015-11-11 16:12       ` Adam Sjøgren
2015-11-12  9:31         ` Uwe Brauer [this message]
2015-11-12 15:31           ` Adam Sjøgren
2015-11-13 18:55             ` Uwe Brauer
2015-11-14 15:37               ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger
2015-11-15 21:07                 ` Trust and public keys Uwe Brauer
2015-11-16 21:15                   ` Jens Lechtenboerger
2015-11-18 15:04                     ` Uwe Brauer
2015-11-19 17:05                       ` Jens Lechtenboerger
2015-11-22 18:09                         ` [smime and gpg] (was: Trust and public keys) Uwe Brauer
2015-11-16 11:32                 ` Trust and public keys Uwe Brauer
2015-11-12 19:20           ` S/MIME with OpenSSL? Peter Münster
2015-11-13 18:21             ` Uwe Brauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87bnazsgwp.fsf@mat.ucm.es \
    --to=oub@mat.ucm.es \
    --cc=info-gnus-english@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).