At a security level, the main complaint with S/MIME is that someone can send you a 40-bit encrypted message and you can do nothing to stop them from doing so. Nor can you easily tell when someone has used a weak key.
Yes, S/MIME supports larger symmetric key sizes but it also has backward compatibility for the smaller and weaker key sizes.

--Noah--

On Friday, March 22, 2002, at 12:22 PM, Garbrecht, Frederick wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I apologize if this is a hopelessly stupid question, but I don't
> really understand the relative merits of using PGP for email
> authentication & encryption versus using Microsoft's implementation
> of s/mime and digital signatures. I run a small windows network and
> would like to begin offering my users some way to authenticate (and
> if necessary encrypt) their email. Since we use Outlook pretty
> uniformly and Exchange Server, it would seem logical to use the built
> in capabilities these products have to provide security. Is there a
> reason not to do this and use a third party product ala PGP instead?
> I assume the answer has at least partly something to do with the MS
> tendency to avoid cross-platform compatibility by not implementing
> stuff completely in accord with standards (like they've done with
> ipsec), but I'd be interested in hearing from the experts.
> Thanks
> Fred
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPJuSqLpfJ1+Q9TWkEQKAMACcCmUENdUR8OcJsegbp1ZRlNviiiwAn06V
> D/2TySJXUX0qOfFEQ4uFsmXo
> =pYUF
> -----END PGP SIGNATURE-----
>
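
The weak-key concern raised in the reply above can be checked on receipt. The following is an added example, not part of the original thread: it reads the content-encryption algorithm from a CMS EnvelopedData structure and reports RC2's effective key size through the rc2ParameterVersion mapping in RFC 3370. The function names, the 128-bit `MIN_BITS` policy and both sample messages are constructed for illustration; input is assumed to be DER with definite lengths, already base64-decoded from the S/MIME body part.

```python
RC2_CBC = bytes.fromhex("2a864886f70d0302")       # OID 1.2.840.113549.3.2
DES_EDE3_CBC = bytes.fromhex("2a864886f70d0307")  # OID 1.2.840.113549.3.7
RC2_VERSION_TO_BITS = {160: 40, 120: 64, 58: 128}  # RFC 3370 section 5.2
MIN_BITS = 128  # assumed local policy, not from the original message

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # contents of a constructed element as (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def content_cipher(der):
    """Return (algorithm OID bytes, RC2 effective key bits or None)."""
    content = children(read_tlv(der)[1])[1][1]   # ContentInfo -> [0] EXPLICIT
    enveloped = read_tlv(content)[1]             # EnvelopedData SEQUENCE
    eci = [v for t, v in children(enveloped) if t == 0x30][0]  # EncryptedContentInfo
    alg = children(children(eci)[1][1])          # AlgorithmIdentifier: OID, params
    if alg[0][1] != RC2_CBC:
        return alg[0][1], None
    version = int.from_bytes(children(alg[1][1])[0][1], "big")  # rc2ParameterVersion
    return RC2_CBC, RC2_VERSION_TO_BITS.get(version)

def is_weak(der):  # RC2 body with an unknown or sub-MIN_BITS effective key size
    oid, bits = content_cipher(der)
    return oid == RC2_CBC and (bits is None or bits < MIN_BITS)

def tlv(tag, value):  # tiny DER encoder (lengths < 128) for the constructed samples
    return bytes([tag, len(value)]) + value

def sample(alg_oid, params):
    """Constructed EnvelopedData with no recipients; not a real message."""
    alg = tlv(0x30, tlv(0x06, alg_oid) + params)
    eci = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701")) + alg + tlv(0x80, bytes(16)))
    env = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x31, b"") + eci)
    return tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010703")) + tlv(0xA0, env))

RC2_40 = sample(RC2_CBC, tlv(0x30, tlv(0x02, b"\x00\xa0") + tlv(0x04, bytes(8))))
TDES = sample(DES_EDE3_CBC, tlv(0x04, bytes(8)))
```

A mail gateway or client plug-in could run a check like `is_weak` on each encrypted part and quarantine or warn on a match; BER indefinite-length encodings would need a fuller parser.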
