Sorry for my false teachings about PGP, and thank you for pointing out my
errors.

Well, about S/MIME message size, I've got more precise figures.
I have created an e-mail message in MS Outlook Express and Netscape Messenger
with a single binary attachment of 1026 KB (large enough for minimizing the
impact of signatures and PEM encodings).
Sizes:
Original attachment            - 1026 KB
Plain MIME-encoded message     - 1416 KB (headers, base-64 encoding)
Signed-only S/MIME message     - 1420 KB (the additional 4 KB are the
                                 detached S/MIME signature, not bad)
Encrypted-only S/MIME message  - 1947 KB (encode the attachment in base-64,
                                 encrypt it, add a certificate and use
                                 base-64 encoding again. Argh, but that is
                                 S/MIME)
Signed&Encrypted S/MIME message - 2672 KB (!)
I thought that the Outlook Express figures for signed&encrypted S/MIME
messages really stink (probably it does not use detached S/MIME signatures
before encrypting), but I've tried the same thing with Netscape Messenger and
got worse figures (about 3000 KB).

Edson E. Watanabe
7COMm
Sao Paulo
Brazil

----- Original Message -----
From: "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, July 19, 2000 10:59 AM
Subject: Re: Attached files


> From: "Edson E. Watanabe" <[EMAIL PROTECTED]>
>
> edsonw_nospam> You can choose between S/MIME or PGP.
> edsonw_nospam>
> edsonw_nospam> Advantages of S/MIME:
> [...]
> edsonw_nospam> b) Just get two Digital ID Certificates (buy them from
> edsonw_nospam> Verisign, get them free from Thawte or create them
> edsonw_nospam> yourself, the choice is yours) and install them.
>
> You don't *have* to get two certificates.  However, you might want to
> sign with a different one than the one you let others encrypt with.
> I've heard this is supported in Outlook, but as far as I know, it's
> not in Netscape Messenger...
>
> edsonw_nospam> Disadvantages:
> [...]
> edsonw_nospam> b) Messages signed and encrypted by S/MIME double their
> edsonw_nospam> size. I think you must compress your data before
> edsonw_nospam> sending it (with gzip for instance)
>
> "must" is a bit too strong a word.  Also "double their size" is a
> little too much to say.  What happens is that things are usually
> transport-encoded with base64 at the end, which accounts for a size
> increase of 25% (every 3 bytes are recoded as 4 bytes within a set of
> ASCII characters that are mail-safe), plus a newline after every 64th
> character, plus a few headers.  Account the extra increase in size to
> the signature and DER codes, but that part should be pretty minimal
> for large things.
>
> edsonw_nospam> Advantages of PGP:
> [...]
> edsonw_nospam> Disadvantages:
> edsonw_nospam> a) The default mode of PGP encrypts only text; you must
> edsonw_nospam> have a PGP/MIME compliant reader (like Eudora with the
> edsonw_nospam> PGP plug-in) to encrypt/sign your attachments.
>
> *sigh* please don't do false teachings.  PGP handles binary files just
> fine unless they are very special (which they tend to be on some
> operating systems, but not on Windows or Unix).  However, the default
> doesn't create MIME attachments.  Instead, there's some extra textual
> formatting that is specific to PGP, and as you say, to get stuff in
> MIME attachments, you must use something that is PGP/MIME compliant...
> in both ends of the communication...
>
> Just to show how well PGP handles binary files: the OpenSSL
> distribution is normally signed with a PGP key.  The signature is kept
> in a separate file.
>
> edsonw_nospam> b) PGP is not PEP (Pretty Easy Privacy), it can be
> edsonw_nospam> somewhat difficult to use.
>
> That is quite correct, especially when PGP is used and not PGP/MIME,
> these days (all the world hail MIME :-)).
>
> --
> Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
> Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
> Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
> Software Engineer, Celo Communications: http://www.celocom.com/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
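
An added example, not part of either message and not OpenSSL code: a size-only model of the encoding layers discussed in the thread, for comparison with the measured figures. Assumptions: base64 lines of 76 characters with CRLF, a 64-bit block cipher (padding only), 4 KB for signature plus certificates, headers ignored; `fake_encrypt` does no real encryption.

```python
import base64

BLOCK = 8  # assumption: 64-bit block cipher in CBC mode; only affects padding


def mime_b64(data: bytes) -> bytes:
    """Base64 with CRLF after every 76 characters (MIME transfer encoding)."""
    raw = base64.b64encode(data)
    lines = [raw[i:i + 76] for i in range(0, len(raw), 76)]
    return b"\r\n".join(lines) + b"\r\n"


def fake_encrypt(data: bytes) -> bytes:
    """Size-only stand-in for CBC encryption: pads to a whole block. NOT crypto."""
    pad = BLOCK - len(data) % BLOCK
    return data + bytes([pad]) * pad


def layered_sizes(attachment: bytes, sig_len: int = 4096) -> dict:
    """Body size in bytes for each message variant (headers ignored)."""
    sig = bytes(sig_len)           # placeholder for signature + certificates
    part = mime_b64(attachment)    # the MIME part that gets signed or encrypted
    opaque = mime_b64(part + sig)  # non-detached signature: content wrapped, base64 again
    return {
        "plain": len(part),
        "signed_detached": len(part) + sig_len,
        "encrypted": len(mime_b64(fake_encrypt(part))),
        "detached_then_encrypted": len(mime_b64(fake_encrypt(part + sig))),
        "opaque_then_encrypted": len(mime_b64(fake_encrypt(opaque))),
    }


if __name__ == "__main__":
    # Constructed input: 1026 KB of zero bytes (size does not depend on content).
    for name, size in layered_sizes(bytes(1026 * 1024)).items():
        print(f"{name:26s} {size / 1024:8.0f} KB")
```

For the 1026 KB input the model gives about 1404, 1408, 1921, 1927 and 2637 KB. Each base64 layer multiplies the size by roughly 1.37 once line breaks are counted, so compressing before signing and encrypting reduces every later layer.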