[liberationtech] Why ~not~ S/MIME?
holz at net.in.tum.de
Tue Jul 30 01:20:23 PDT 2013
All the advantages of S/MIME may be true, but:

> The two big objections to S/MIME I see more frequently are downloading
> your certificate from third-party and cost to get certificate. Both
> problems I think can be more easily solved than the adoption problems
> (on a wider basis) with PGP. Security and OPSEC failures can be
> posited between the two solutions at all levels - *shrug* ..

I am not sure I agree with the OPSEC issue. There are a bunch of
synchronised SKS key servers. As for people's capability to judge
others' accuracy in determining identity, well... is that so much worse
than a CA system, where a CA does only an e-mail check, but no EV?

* With the current weakness of the CA system (all CAs are equal), I
trust PGP a whole lot more
* I often wonder - how are 100+ CAs supposed to certify hundreds of
millions of users? The claim of scalability gets really shaky when
considering revocation, too.

> So - broadly - why not work on the gaps in getting S/MIME more widely
> deployed? Why is it so often entirely disregarded? -Ali

I prefer PGP because:

* In the best case, I get to sign the other person's key myself - not
* In the not-so-optimal case, someone I know and trust has signed the
other person's key - still better than a CA
* This can be reinforced by the fact that others I know have signed
that same key, too
* Within a limited range of contacts, PGP actually scales fairly well.
We computed such stuff once for a paper:

What makes PGP more attractive to me is the higher degree of control I
I8 - Network Architectures and Services
Technische Universität München
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF