Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Why ~not~ S/MIME?

Ralph Holz holz at
Tue Jul 30 01:20:23 PDT 2013


All the advantages of S/MIME may be true, but:

> The two big objections to S/MIME I see more frequently are downloading
> your certificate from third-party and cost to get certificate. Both
> problems I think can be more easily solved than the adoption problems
> (on a wider bases) with PGP. Security and OPSEC failures can be
> posited between the two solutions at all levels - *shrug* ..

I am not sure I agree with the OPSEC issue. There are a bunch of
synchronised SKS key servers. As for people's capability to judge
others' accuracy in determining identity, well... is that so much worse
than a CA system, where a CA does only an e-mail check, but no EV?

* With the current weakness of the CA system (all CAs are equal), I
trust PGP a whole lot more

* I often wonder - how are 100+ CAs supposed to certify hundreds of
millions of users? The claim of scalability gets really shaky when
considering revocation, too.

> So - broadly - why not work on the gaps in getting S/MIME more widely
> deployed? Why is it so often entirely disregarded? -Ali

I prefer PGP because:

* In the best case, I get to sign the other person's key myself - not
some CA

* In the not-so-optimal case, someone I know and trust has signed the
other person's key - still better than a CA

* This can be re-inforced by the fact that others I know have signed
that same key, too

* Within a limited range of contacts, PGP actually scales fairly well.
We computed such stuff once for a paper:

What makes PGP more attractive to me is the higher degree of control I
can exercise.


Ralph Holz
I8 - Network Architectures and Services
Technische Universität München
Phone +
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF

More information about the liberationtech mailing list