From: Uwe Brauer <oub@mat.ucm.es>
To: info-gnus-english@gnu.org
Subject: Re: S/MIME with OpenSSL?
Date: Thu, 12 Nov 2015 09:31:18 +0000 [thread overview]
Message-ID: <87bnazsgwp.fsf@mat.ucm.es> (raw)
In-Reply-To: <87si4ch5wl.fsf@tullinup.koldfront.dk>
>>> "Adam" == Adam Sjøgren <asjo@koldfront.dk> writes:
> Uwe writes:
>> Did you try once to convince computer how shall I say illiterate to
>> use encryption?
> I learned a long time ago not to try and impose my preferences on other
> computer users.
This is not about impose, this is about practical matter. Suppose you
want to interchange confidential information with someone outside the
GNU/emacs world and that person has very little computer knowledge. For
him/her pgp is a nightmare to install. Smime not.
>> operations S/MIME PGP
>> Inst of software no; included yes
> I think you have some hidden assumptions about what software is used
> here? Don't both S/MIME and PGP use external tools in Gnus?
I am speaking here about software in general, almost all mail programs,
thunderbird, evolution, kmail, outlook, whatever have smime support
>> Installation of plugin no; included yes
> Again, you must be assuming something about the software being used -
> Gnus has built in support for both, right?
Same comment.
>> generation of keypair no; ask for a yes
>> certificate
> This seems to be a negative for S/MIME: it is easy to generate a PGP
> key. How do you generate an S/MIME certificate?
It is not easy to generate a pgp for an illiterate, trust me. You can
generate a S/MIME certificate, but it will be self signed and therefore
useless, most clients would refuse a message from someone with a self
signed certificate. So you apply for certifcate which is signed by a
root authority, in one of the dozen services like commodo, they provide
with a class 1[1] certificate for one year.[2]
>> interchange of public simply send a sign yes interchange
>> keys message
> I have never received or sent an S/MIME message, so it's hard to judge
> this one. Does it mean that every S/MIME message includes the public key
> of the sender?
yes
> What prevents you from doing that with PGP-signed messages?
Again for most illiterate this is not obvious. For s/mime it is by design.
> I've set up Gnus/GnuPG to automatically fetch keys for every person I
> see a signature from, so there is nothing manual for me to do here.
Again this is not as trivial as you think. An my fetch you mean from a
keyserver where that person has uploaded his key I presume.
> Best regards,
> Adam
Footnotes:
[1] class 1 means only the email is verified not your identity. If you
want that you have to pay.
[2] this is of course the weak point of the whole model. If those
services are breached, the security breaks down or can break down.
_______________________________________________
info-gnus-english mailing list
info-gnus-english@gnu.org
https://lists.gnu.org/mailman/listinfo/info-gnus-english
next prev parent reply other threads:[~2015-11-12 9:31 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-08 16:15 Jens Lechtenboerger
2015-11-10 16:42 ` Uwe Brauer
2015-11-10 21:41 ` Adam Sjøgren
2015-11-11 9:38 ` Uwe Brauer
2015-11-11 16:12 ` Adam Sjøgren
2015-11-12 9:31 ` Uwe Brauer [this message]
2015-11-12 15:31 ` Adam Sjøgren
2015-11-13 18:55 ` Uwe Brauer
2015-11-14 15:37 ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger
2015-11-15 21:07 ` Trust and public keys Uwe Brauer
2015-11-16 21:15 ` Jens Lechtenboerger
2015-11-18 15:04 ` Uwe Brauer
2015-11-19 17:05 ` Jens Lechtenboerger
2015-11-22 18:09 ` [smime and gpg] (was: Trust and public keys) Uwe Brauer
2015-11-16 11:32 ` Trust and public keys Uwe Brauer
2015-11-12 19:20 ` S/MIME with OpenSSL? Peter Münster
2015-11-13 18:21 ` Uwe Brauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bnazsgwp.fsf@mat.ucm.es \
--to=oub@mat.ucm.es \
--cc=info-gnus-english@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).